Homeland Security offers $5,000 bug bounties as part of new ‘Hack DHS’ program

The U.S. Department of Homeland Security (DHS) is offering up to $5,000 in bug bounties under a new program called Hack DHS, it announced. Proven security researchers invited by the agency will gain access to selected external DHS systems to identify vulnerabilities that could be exploited by bad actors. Payments will vary between $500 and $5,000 depending on the severity of the bug.

“As a federal defensive player for cyber security, DHS must lead by example and constantly strive to strengthen the security of our own systems,” said DHS Secretary Alejandro N. Mayorkas. “The DHS Hack program encourages highly qualified hackers to identify cyber security vulnerabilities in our systems before they can be exploited by bad actors.”

The program will roll out in three phases, with hackers first conducting virtual assessments of the systems. This will be followed by a live hacking event in the second phase, and in the third phase, DHS will “identify and review lessons learned and plan future rewards for mistakes,” he writes.

The program will use a platform developed by the Cybersecurity and Infrastructure Security Agency (CISA) and overseen by the DHS Office of the Chief Information Officer. That office will verify any reported bugs within 48 hours and fix them or develop a plan to do so within 15 days.

Private industry generally offers much higher bug bounties, with companies like Microsoft and Apple offering payouts of up to $1 million. However, Hack DHS is not an open bounty program, so it is limited to a small number of researchers.

DHS said attacks on it had quadrupled in 2021, but that some of the most dangerous groups had slowed. “We haven’t seen some of the major players as active as before,” Mayorkas said at the Bloomberg Technology Summit. “That doesn’t mean they left, that we beat them. It’s very possible that they pressed the pause button. Vigilance has to stay at an incredibly high level.”


Naveen Kumar
