Over 50,000 vulnerabilities have been submitted to the US Department of Defense (DoD) through its vulnerability disclosure program (VDP).
The DoD Cyber Crime Center (DC3) reported on March 15, 2024, that it processed its 50,000th vulnerability since introducing its crowd-sourced ethical hacking scheme in November 2016.
Unlike other bug bounty efforts, DC3’s VDP is an ongoing scheme welcoming ethical hackers to find vulnerabilities within US military IT systems and report them to the DoD.
Its launch in November 2016 followed a successful ‘Hack the Pentagon’ bug bounty program running on HackerOne.
In 2018, DC3 launched a new reporting system within VDP called the Vulnerability Report Management Network. It allows DC3 to automate, track, and process all reporting, creating a much more efficient process.
“This program’s growth has enabled VDP to expand their mitigative scope to not only process findings on DoD websites and applications, but to include all publicly accessible and/or accessible information technology assets owned and operated by the Joint Force Headquarters DoD Information Network,” DC3 explained in a public statement.
In 2021, DC3 and the Defense Counterintelligence and Security Agency partnered to create a 12-month pilot program dedicated to hunting bugs across the systems of small to medium organizations participating in the Defense Industrial Base (DIBCOs).
This initiative allowed DC3 to process 1019 vulnerability reports. “[It] saved taxpayers an estimated $61m by discovering and remediating more than 400 active vulnerabilities and Controlled Unclassified Information exfiltration threats by adversaries on DIB members’ public-facing assets,” noted DC3.
The pilot program earned DC3 the prestigious DoD Chief Information Officer Annual Award.
Meanwhile, the DoD has continued running standalone bug bounty programs in collaboration with HackerOne, Bugcrowd and Synack, including ‘Hack the Pentagon’ competitions covering other departments such as the Air Force, the Marine Corps, the Army, and Defense Travel System assets.