Makes you wonder how many weren't found. Yeesh.Nearly a year after a rule change allowed good Samaritan hackers to notify the Department of Defense (DOD) about cybersecurity glitches that needed fixing, the Pentagon has mitigated more than 2,800 security problems.
The Pentagon opened its vulnerability disclosure program on November 21, 2016, inviting anyone who came across a security flaw in one of its public-facing websites to report it.
The program came on the heels of last year's "Hack the Pentagon" program, which offered cash rewards for anyone who reported a valid security problem. The vulnerability disclosure program offers no such incentives.
But even without incentives, the vulnerability disclosure program has netted valuable information for the Defense Department. Nearly than 650 hackers from more than 50 countries have submitted security shortcomings to be repaired.
The DOD operates its disclosure program using the firm HackerOne, which also ran the Hack the Pentagon program.
More than 100 of the bugs reported through the program were deemed of high or critical severity, meaning they would allow changes to important data or allow attackers to execute their own commands.
Most responses came from United States-based researchers, but HackerOne released the top nine foreign countries reporting vulnerabilities: India, Great Britain, Pakistan, the Philippines, Egypt, Russia, France, Australia and Canada.
Pentagon's hacker disclosure program defangs 2,800 security flaws
-
- Posts: 2528
- Joined: Wed Nov 30, 2016 11:09 am
Pentagon's hacker disclosure program defangs 2,800 security flaws
Pentagon's hacker disclosure program defangs 2,800 security flaws
-
- Posts: 14797
- Joined: Wed Nov 30, 2016 9:43 am
Re: Pentagon's hacker disclosure program defangs 2,800 security flaws
What, the security leaks weren't enough of a hint that they weren't found and just exploited?de officiis wrote:Pentagon's hacker disclosure program defangs 2,800 security flaws
Makes you wonder how many weren't found. Yeesh.Nearly a year after a rule change allowed good Samaritan hackers to notify the Department of Defense (DOD) about cybersecurity glitches that needed fixing, the Pentagon has mitigated more than 2,800 security problems.
The Pentagon opened its vulnerability disclosure program on November 21, 2016, inviting anyone who came across a security flaw in one of its public-facing websites to report it.
The program came on the heels of last year's "Hack the Pentagon" program, which offered cash rewards for anyone who reported a valid security problem. The vulnerability disclosure program offers no such incentives.
But even without incentives, the vulnerability disclosure program has netted valuable information for the Defense Department. Nearly than 650 hackers from more than 50 countries have submitted security shortcomings to be repaired.
The DOD operates its disclosure program using the firm HackerOne, which also ran the Hack the Pentagon program.
More than 100 of the bugs reported through the program were deemed of high or critical severity, meaning they would allow changes to important data or allow attackers to execute their own commands.
Most responses came from United States-based researchers, but HackerOne released the top nine foreign countries reporting vulnerabilities: India, Great Britain, Pakistan, the Philippines, Egypt, Russia, France, Australia and Canada.
#NotOneRedCent
-
- Posts: 25287
- Joined: Wed Nov 30, 2016 6:50 am
- Location: Ohio
Re: Pentagon's hacker disclosure program defangs 2,800 security flaws
While it's nice to have things more secured in general... Not sure I'd want to help that particular organization keep better secrets.
-
- Posts: 14797
- Joined: Wed Nov 30, 2016 9:43 am
Re: Pentagon's hacker disclosure program defangs 2,800 security flaws
Secrets are meant to be kept at that level, there is also meant to be checks and balances, which is way out of whack... so choose your poison.GrumpyCatFace wrote:While it's nice to have things more secured in general... Not sure I'd want to help that particular organization keep better secrets.
#NotOneRedCent
-
- Posts: 25287
- Joined: Wed Nov 30, 2016 6:50 am
- Location: Ohio
Re: Pentagon's hacker disclosure program defangs 2,800 security flaws
Well, since the latter is completely broken, I'd say it's more useful to keep the former broken as well.The Conservative wrote:Secrets are meant to be kept at that level, there is also meant to be checks and balances, which is way out of whack... so choose your poison.GrumpyCatFace wrote:While it's nice to have things more secured in general... Not sure I'd want to help that particular organization keep better secrets.
-
- Posts: 14797
- Joined: Wed Nov 30, 2016 9:43 am
Re: Pentagon's hacker disclosure program defangs 2,800 security flaws
One without the other, both are useless.GrumpyCatFace wrote:Well, since the latter is completely broken, I'd say it's more useful to keep the former broken as well.The Conservative wrote:Secrets are meant to be kept at that level, there is also meant to be checks and balances, which is way out of whack... so choose your poison.GrumpyCatFace wrote:While it's nice to have things more secured in general... Not sure I'd want to help that particular organization keep better secrets.
#NotOneRedCent