US Homeland Security unveils bug bounty program to aid with flaw discovery

The Department of Homeland Security is launching a bug bounty program aimed at finding cybersecurity flaws in its systems.

According to Cyberscoop, the Hack DHS program would pay ethical hackers between $500 and $5,000 for identifying vulnerabilities, depending on their severity. The DHS would verify the flaws within 48 hours and aim to fix them within 15 days. For more complex bugs, the Department would develop a plan to fix them during that period.

DHS Secretary Alejandro Mayorkas said, “We’re focused not only on protecting and enhancing the cybersecurity of the private sector and of the federal government at large but, of course, we as a department have to lead by example and so what we are very focused on is identifying vulnerabilities and addressing or remediating those vulnerabilities.”

The Congressional Budget Office has estimated that one year of the pilot program under that legislation would cost around $250,000. The program – which began in October of this year – will run throughout the fiscal year of 2022.

The DHS said that hackers in the program will work in three phases: first, assessments of some external systems; then a live, in-person hacking event; and finally a ‘lessons learned’ segment and a plan for future events. The CIO and the Cybersecurity and Infrastructure Security Agency will oversee the program.

Copyright © 2021 RegTech Analyst
