The US Department of Homeland Security (DHS) is offering bug bounties of up to $5,000 under a brand-new program called Hack DHS, it announced. Vetted security researchers invited by the agency will get access to select external DHS systems to identify vulnerabilities that could be exploited by bad actors. Payouts will vary between $500 and $5,000 depending on the severity of the bug.
“As the federal government’s cybersecurity quarterback, DHS must set an example and forever seek to strengthen the security of our own systems,” said DHS Secretary Alejandro N. Mayorkas. “The Hack DHS program incentivizes highly skilled hackers to identify cybersecurity fatigues in our structures before they can be exploited by bad actors.”
The program will roll out in three phases, with hackers first conducting virtual assessments of systems. That will be followed by a live, in-person hacking event in the second phase, and in the third phase, the DHS will “identify and recollect lessons learned, and plan for future defect prizes,” it wrote.
Hack DHS will use a program laid down by the Cybersecurity and Infrastructure Security Agency (CISA) and monitored by the DHS Office of the Chief Information Officer. That office will verify any bugs within 48 hours and either fix them or develop a plan to do so within 15 days.
Private industry generally offers much higher bug bounties, with corporations like Microsoft and Apple offering payouts as high as $1 million. However, Hack DHS isn’t an open bounty program, so it’s limited to a smaller pool of researchers.
The DHS said that attacks against it were up fourfold in 2021 but that some of the most dangerous groups have slowed down. “Some of the major players we haven’t seen as active as has already been,” Mayorkas said at Bloomberg’s Technology Summit. “That doesn’t mean that they’ve gone away, that we’ve overcome them. They very well might have affected the interrupt button. Vigilance has to remain at an improbably high level.”
Read more: engadget.com