March 19, 2024 at 05:15PM
The U.S. Department of Defense Cyber Crime Center has processed its 50,000th vulnerability report from 5,635 researchers since 2016. DC3 launched its Vulnerability Disclosure Program following ‘Hack-the-Pentagon’ to engage ethical hackers continuously. VDP’s success includes discovering and mitigating 400 significant security flaws in a special 12-month program with Defense Counterintelligence and Security Agency.
From the provided meeting notes, the following key takeaways can be summarized:
– The Cyber Crime Center (DC3) of the U.S. Department of Defense has processed its 50,000th vulnerability report from 5,635 researchers since its inception in November 2016.
– The Vulnerability Disclosure Program (VDP) was launched 7.5 years ago following a bug bounty event called ‘Hack-the-Pentagon’ to engage crowd-sourced vulnerability reports for bolstering cyber defenses.
– VDP’s crowd-sourced ethical hackers continuously report vulnerabilities as part of a defense-in-depth approach.
– The program introduced an automated tracking and processing system for submitted reports, leading to improved efficiency and experience for ethical hackers.
– The scope of VDP expanded to include vulnerabilities in all publicly accessible IT assets, websites, and applications owned and operated by the Joint Force Headquarters DoD Information Network.
– DC3 and the Defense Counterintelligence and Security Agency worked together in a special 12-month program in 2021, leading to the discovery and mitigation of 400 significant security flaws, saving taxpayers a reported $61 million.
– In 2023, it can be deduced that 5,000 reports were processed, lower than the 7,349 vulnerabilities reported in 2022.
– DoD’s bug bounty program on HackerOne has resolved over 27,000 issues, while receiving 1,231 reports in the last 90 days.
– The success of the DC3 VDP is highlighted as a strong example of a relationship with the global ethical hacker community consistently strengthening cyber defenses.
These takeaways demonstrate the evolution and impact of the VDP in contributing to the overall cybersecurity efforts of the U.S. Department of Defense.