Pentagon's hacker disclosure program defangs 2,800 security flaws

User avatar
de officiis
Posts: 2528
Joined: Wed Nov 30, 2016 11:09 am

Pentagon's hacker disclosure program defangs 2,800 security flaws

Post by de officiis » Mon Nov 13, 2017 10:51 am

Pentagon's hacker disclosure program defangs 2,800 security flaws
Nearly a year after a rule change allowed good Samaritan hackers to notify the Department of Defense (DOD) about cybersecurity glitches that needed fixing, the Pentagon has mitigated more than 2,800 security problems.

The Pentagon opened its vulnerability disclosure program on November 21, 2016, inviting anyone who came across a security flaw in one of its public-facing websites to report it.

The program came on the heels of last year's "Hack the Pentagon" program, which offered cash rewards for anyone who reported a valid security problem. The vulnerability disclosure program offers no such incentives.

But even without incentives, the vulnerability disclosure program has netted valuable information for the Defense Department. Nearly than 650 hackers from more than 50 countries have submitted security shortcomings to be repaired.

The DOD operates its disclosure program using the firm HackerOne, which also ran the Hack the Pentagon program.

More than 100 of the bugs reported through the program were deemed of high or critical severity, meaning they would allow changes to important data or allow attackers to execute their own commands.

Most responses came from United States-based researchers, but HackerOne released the top nine foreign countries reporting vulnerabilities: India, Great Britain, Pakistan, the Philippines, Egypt, Russia, France, Australia and Canada.
Makes you wonder how many weren't found. Yeesh.
Image

User avatar
The Conservative
Posts: 14797
Joined: Wed Nov 30, 2016 9:43 am

Re: Pentagon's hacker disclosure program defangs 2,800 security flaws

Post by The Conservative » Mon Nov 13, 2017 10:59 am

de officiis wrote:Pentagon's hacker disclosure program defangs 2,800 security flaws
Nearly a year after a rule change allowed good Samaritan hackers to notify the Department of Defense (DOD) about cybersecurity glitches that needed fixing, the Pentagon has mitigated more than 2,800 security problems.

The Pentagon opened its vulnerability disclosure program on November 21, 2016, inviting anyone who came across a security flaw in one of its public-facing websites to report it.

The program came on the heels of last year's "Hack the Pentagon" program, which offered cash rewards for anyone who reported a valid security problem. The vulnerability disclosure program offers no such incentives.

But even without incentives, the vulnerability disclosure program has netted valuable information for the Defense Department. Nearly than 650 hackers from more than 50 countries have submitted security shortcomings to be repaired.

The DOD operates its disclosure program using the firm HackerOne, which also ran the Hack the Pentagon program.

More than 100 of the bugs reported through the program were deemed of high or critical severity, meaning they would allow changes to important data or allow attackers to execute their own commands.

Most responses came from United States-based researchers, but HackerOne released the top nine foreign countries reporting vulnerabilities: India, Great Britain, Pakistan, the Philippines, Egypt, Russia, France, Australia and Canada.
Makes you wonder how many weren't found. Yeesh.
What, the security leaks weren't enough of a hint that they weren't found and just exploited?
#NotOneRedCent

User avatar
SuburbanFarmer
Posts: 25287
Joined: Wed Nov 30, 2016 6:50 am
Location: Ohio

Re: Pentagon's hacker disclosure program defangs 2,800 security flaws

Post by SuburbanFarmer » Mon Nov 13, 2017 12:03 pm

While it's nice to have things more secured in general... Not sure I'd want to help that particular organization keep better secrets.
SJWs are a natural consequence of corporatism.

Formerly GrumpyCatFace

https://youtu.be/CYbT8-rSqo0

User avatar
The Conservative
Posts: 14797
Joined: Wed Nov 30, 2016 9:43 am

Re: Pentagon's hacker disclosure program defangs 2,800 security flaws

Post by The Conservative » Mon Nov 13, 2017 12:16 pm

GrumpyCatFace wrote:While it's nice to have things more secured in general... Not sure I'd want to help that particular organization keep better secrets.
Secrets are meant to be kept at that level, there is also meant to be checks and balances, which is way out of whack... so choose your poison.
#NotOneRedCent

User avatar
SuburbanFarmer
Posts: 25287
Joined: Wed Nov 30, 2016 6:50 am
Location: Ohio

Re: Pentagon's hacker disclosure program defangs 2,800 security flaws

Post by SuburbanFarmer » Mon Nov 13, 2017 8:23 pm

The Conservative wrote:
GrumpyCatFace wrote:While it's nice to have things more secured in general... Not sure I'd want to help that particular organization keep better secrets.
Secrets are meant to be kept at that level, there is also meant to be checks and balances, which is way out of whack... so choose your poison.
Well, since the latter is completely broken, I'd say it's more useful to keep the former broken as well.
SJWs are a natural consequence of corporatism.

Formerly GrumpyCatFace

https://youtu.be/CYbT8-rSqo0

User avatar
The Conservative
Posts: 14797
Joined: Wed Nov 30, 2016 9:43 am

Re: Pentagon's hacker disclosure program defangs 2,800 security flaws

Post by The Conservative » Mon Nov 13, 2017 8:46 pm

GrumpyCatFace wrote:
The Conservative wrote:
GrumpyCatFace wrote:While it's nice to have things more secured in general... Not sure I'd want to help that particular organization keep better secrets.
Secrets are meant to be kept at that level, there is also meant to be checks and balances, which is way out of whack... so choose your poison.
Well, since the latter is completely broken, I'd say it's more useful to keep the former broken as well.
One without the other, both are useless.
#NotOneRedCent