The Department of Homeland Security has announced the launch of “Hack DHS”, a new vulnerability bounty program designed to identify potential security vulnerabilities in certain DHS systems.
Audited security researchers invited to participate in the program will be able to access “selected external DHS systems” to identify vulnerabilities that attackers might exploit. Hackers will be rewarded for discovering errors; however, the Department of Homeland Security did not share any details about their compensation.
Hack DHS will be conducted in three phases in fiscal year 2022. The goal is to create a model that the entire government organization can use to improve security. In the first phase, participants will conduct a virtual assessment of some DHS external systems; second, they will participate in live, face-to-face hacking activities. The official explained in the press release that in the third phase, the Department of Homeland Security will review the lessons learned and plan future bug bounties.
The plan will use a platform built by CISA and monitored by the Office of the Chief Information Officer of DHS. Hackers will share their findings with DHS system owners and leaders and provide detailed information, including what the vulnerability is, how they exploited it, and how attackers use it to access information.
read Full release Get more details from DHS.
