The Department of Defense is expanding its “Hack the Pentagon” program by awarding contracts to Silicon Valley firms BugCrowd, HackerOne, and Synack to run ongoing bug bounty contests in search of vulnerabilities. First launched as a pilot program in 2016 under Secretary Ash Carter, Hack the Pentagon allowed outside cybersecurity professionals to legally try to break into its public-facing systems, something that the DoD’s enemies are trying to do pretty much every day. The trial run was a success, which led to thousands of security vulnerabilities being identified and remedied, according to a DoD press release. “Finding innovative ways to identify vulnerabilities and strengthen security has never been more important,” Chris Lynch, Director of the Defense Digital Service, said in a statement.
“When our adversaries carry out malicious attacks, they don’t hold back and aren’t afraid to be creative. Expanding our crowdsourced security work allows us to build a deeper bench of tech talent and bring more diverse perspectives to protect and defend our assets. We’re excited to see the program continue to grow and deliver value across the department.”
The contracts will see the companies running “continuous, year-long assessments” of DoD assets beyond the public-facing sites of the past. Bug hunters will also be targeting private Pentagon assets, as well as hardware and physical systems.
The outside help is much-needed.
The Pentagon announced a breach of its travel records system just over 10 days ago, which exposed personal information and credit card information on as many as 30,000 military and civilian personnel. And just a few days before that, a report out from the Government Accountability Office showed the scale of vulnerabilities in DoD, especially in its weapons systems, is getting out of hand.
As Task & Purpose previously reported, between 2012 and 2017, penetration testers “routinely found mission critical cyber vulnerabilities in nearly all weapon systems that were under development,” the report said. Also noteworthy was the fact that testers weren’t taking nearly as much time or using sophisticated methods as a nation-state adversary would.
Instead, most used “relatively simple tools and techniques” to take control, and largely operated undetected as a result.
“DoD likely has an entire generation of systems that were designed and built without adequately considering cybersecurity,” the report said.
The contract for the crowd-sourced bug bounty program is worth a cool $34 million, NextGov reported.