When the Pentagon announce the “ hack on the Pentagon”event back in March , many wonder what variety of exposure hackers would find when checking government web site for bugs . Now we know .
agree toDefense Secretary Ash Carter , more than 250 participants out of the 1,400 submitted at least one vulnerability report , with 138 of those vulnerabilities regulate to be “ legitimate , unparalleled and eligible for a bounty , ” he said . The bounty vagabond per person from $ 100 to around $ 15,000 if someone resign multiple bugs .
The cowcatcher programme , which ran from April 18 to May 12 , be about $ 150,000 , with around one-half of that get to player . The result were publish on Friday , concord to theDepartment of Defense ’s website .
“ cut up the Pentagon ” was deemed a cost - effectual way to scour five of the US defense departments ’ internet site ( defense.gov , dodlive.mil , dvidshub.net , myafn.net and dimoc.mil , according to a DoD spokesman ) for protection hemipteron . Instead of drop dead to international surety firms , which would ’ve cost upwards of $ 1 million , the governance instead inscribe amateur cyber-terrorist to do it for much less , some who were only in gamy school .
In addition to reporting on the numeral of glitch , Carter also said that the governing has worked with HackerOne , a bug bounty platform , to fix the vulnerability and that the department has “ built strong bridge to advanced citizens who want to make a difference to our defense mission . ” Carter wants the “ bug bounty ” programme to broaden to other surface area of the government and wants to ensure that hackers and researchers can report bugs without a consecrate curriculum .
“ When it hail to entropy and engineering , the Department of Defense institution usually swear on closed systems , ” he said . “ But the more favorable heart we have on some of our systems and websites , the more interruption we can find out , the more vulnerabilities we can fix , and the greater security we can leave to our warfighters . ”
Many website already have hemipteran bounty programs in place , but it was thefirst timethe Union governance had come up with such a program . It ’s good experience for unseasoned hacker and security system fiend who desire to assay and whoop a government bureau , although that ’s a small amount of money for their time .
[ Phys.orgviaDefense.gov ]
CybersecurityHackersSecurity
Daily Newsletter
Get the well technical school , science , and finish news in your inbox daily .
News from the future , deliver to your nowadays .
You May Also Like
