March 18, 2024 at 09:15AM
The US Department of Defense has processed 50,000 reports through its vulnerability disclosure program, initiated after the success of the ‘Hack the Pentagon’ bug bounty program. Collaborating with platforms like HackerOne, Bugcrowd, and Synack, the DoD expanded its bug bounty programs, saving an estimated $61 million and receiving over 45,000 vulnerability reports by 2022.
The key takeaways are:
1. The US Department of Defense has processed 50,000 reports as part of its continuous vulnerability disclosure program (VDP) initiated in November 2016.
2. The DoD has conducted over 40 bug bounty programs in collaboration with organizations like HackerOne, Bugcrowd, and Synack, allowing white hat hackers to submit vulnerability reports.
3. A 12-month bug bounty program aimed at finding flaws in contractor networks saved an estimated $61 million in taxpayer money by addressing over 1,000 vulnerabilities, as reported by the Pentagon’s Cyber Crime Center (DC3).
4. By the end of 2022, close to 45,000 vulnerability reports were received from roughly 4,000 researchers participating in the DoD’s VDP. More than 25,000 of the reports were actionable and over 6,000 of them were successfully mitigated.
5. HackerOne founder and CTO Alex Rice expressed pride in the success of the DC3 VDP and emphasized the importance of collaboration with ethical hackers to strengthen national security.