The final results of a bug bounty program for the Department of Homeland Security (DHS) have been revealed, and it’s not particularly encouraging news for a government agency synonymous with cyber protection.
Participants in DHS’ first-ever bug bounty program, named “Hack DHS,” showed that they found a worrying number of security bugs.
The Hack DHS initiative saw more than 450 security researchers participate in the program. For their efforts, the government agency paid out a total reward of $125,600 that was distributed to the ethical hackers.
As aptly highlighted by The Register, the aforementioned payout figure pales in comparison to what other organizations pay to bug bounty hunters.
For example, Intel has previously offered up to $100,000 for successfully uncovering particular vulnerabilities.
Other technology giants like Microsoft offer tens of thousands of dollars for finding flaws, while Apple paid a single individual almost the entirety of the Hack DHS bounty by giving him $100,000 for hacking a Mac.
Google, meanwhile, has awarded nearly $30 million to people enrolled in its bug bounty programs. In one specific case, the company gave a self-taught teenage hacker $36,000 for reporting a bug.
Considering the fact that one of the Department of Homeland Security’s key responsibilities includes cyber security, many may understandably be concerned that such a high number of security bugs was found in the first place. Furthermore, the somewhat lackluster payment tiers associated with Hack DHS might be a potential deterrent to future interested parties.
All things considered, it appears the DHS is not as secure as many Americans could have hoped it would be.
Homeland Security’s quest to become more secure
Hack DHS was originally introduced in December 2021. Any hacker who joined the program would provide a complete breakdown of any vulnerability they find. Additionally, they should detail how that flaw can be targeted and exploited by potential threat actors, in addition to explaining how it can be used to access and extract data from DHS systems.
The government agency’s bug bounty program will be carried out via a tiered rollout that includes three stages. The first phase, payouts, has been completed, while the upcoming second stage will see security researchers hand-picked by the DHS taking part in a live hacking event.
As for the final phase, The Register reports that DHS will share data that it hopes will influence more bug bounty programs.
Bug bounty programs are becoming increasingly prominent in an era in which cybercriminals have been intensifying their attempts to infiltrate major organizations, especially in the technology sector.
For example, Intel unveiled Project Circuit Breaker, an expansion of its bug bounty program that was introduced to recruit “elite hackers.” Google also updated its Vulnerability Reward Program last year by launching a new bug platform.
Elsewhere, Google recently showed that a record number of dangerous zero-day exploits were identified in 2021, while cybercrime is more widespread than ever before.