The United States Department of Homeland Security has launched a new bug award program to identify potential cyber security vulnerabilities and increase the Department’s resilience in the field of cyber security.
When announcing the “Hack DHS” program in a Disclaimer Who shared yesterday, the department said its purpose is to expose vulnerabilities in certain DHS systems so that they can be fixed.
In exchange for a vote on defects, successful insect hunters will be paid in cash. How much they will earn will be decided by a sliding scale, with the highest prizes being passed to hackers who catch the most serious bugs.
DHS’s Bug Award Program is by appointment only. Program participants will be selected from a list of tested cyber security researchers.
“As the federal government’s cyber security quarterback, DHS must set an example and constantly seek to strengthen the security of our systems,” said Minister Alejandro Maurice.
“The DHS Hack program encourages skilled hackers to detect cyber security vulnerabilities in our systems before they can be exploited by bad players.”
Mayorkas added that the new program is an example of how DHS is collaborating with the community to help protect America’s national cyber security.
Hack DHS is a three-phase program that will run throughout the fiscal year 2022.
What DHS reported: “During the first phase, hackers will perform virtual evaluations on certain external DHS systems. During the second phase, hackers will participate in a live, personal hacking event.
“During the third and final phase, DHS will identify and review the lessons learned, and plan future bug releases.”
DHS is collaborating with a mass-sourced cyber security company Insect load Transfer the program.
Bugcrowd founder and CTO Casey Ellis responded: “We have been advising a variety of government agencies for many years, including DHS, and we will be the platform partners for this program.”
He added: “In the spirit of mass outsourcing, they also drew on existing experience in running successful programs within the U.S. government, including those who worked on the CISA program, and veterans of the Hack the Pentagon series of programs.
“Good planning is an excellent predictor of success in this area, and they have certainly invested in this work.”