Pentagon Received 50,000+ Vulnerability Reports Since November 2016

by Esmeralda McKenzie

The Department of Defense (DoD) Cyber Crime Center (DC3) recently announced a significant milestone in its cybersecurity efforts: the processing of over 50,000 vulnerability reports since the inception of its Vulnerability Disclosure Program (VDP) in November 2016.

This program, a pioneering initiative in the federal government, was established following the “Hack the Pentagon” bug bounty program, which demonstrated the value of crowdsourced cybersecurity.

The VDP has also fostered collaboration between the public and private sectors, exemplified by partnerships with platforms like HackerOne, Bugcrowd, and Synack.

These collaborations have facilitated the running of over 40 bug bounty programs.

Unlike traditional bug bounties, the VDP allows for secure reporting of potential security weaknesses in DoD’s publicly accessible information systems.

This approach has been instrumental in enhancing the cyber defenses of the Pentagon and its associated networks.

The VDP’s success is largely attributed to the collaboration with ethical hackers from around the world.

Vulnerabilities Reported

By the end of 2022, nearly 45,000 reports had been received from roughly 4,000 researchers.

Out of these, more than 25,000 were actionable, leading to the successful mitigation of over 6,000 vulnerabilities.

The program’s efficiency was significantly improved with the introduction of the Vulnerability Report Management Network in the summer of 2018, which automated the tracking and processing of reports.

This system expansion allowed the VDP to cover a much wider range of DoD assets, including all publicly accessible information technology assets owned and operated by the Joint Force Headquarters DoD Information Network.

The VDP has also extended its reach to the Defense Industrial Base (DIB) through the DIB-VDP Pilot, which processed 1,019 vulnerability reports in 2022, helping to secure small to medium-sized participant companies from identified threats.

This pilot earned DC3 the prestigious DoD Chief Information Officer Annual Award for its contributions.

The Pentagon’s proactive approach to cybersecurity has not only strengthened its defenses but also saved taxpayer money.

In 2021, a 12-month bug bounty program aimed at finding flaws in contractor networks addressed over 1,000 vulnerabilities, saving an estimated $61 million.

The success of the DC3 VDP exemplifies the benefits of a strong relationship with the global ethical hacker community.

It has become a model for other government organizations to follow, showcasing how crowdsourced cybersecurity can lead to the continuous strengthening of cyber defenses.

As cyber threats continue to evolve, the DoD’s VDP remains a critical part of the Pentagon’s defense-in-depth strategy, ensuring the security and mission assurance of the United States’ defense information networks.

Since its inception in November 2016, the Pentagon’s Vulnerability Disclosure Program (VDP) has undergone significant evolution and expansion, reflecting its success and the growing recognition of the value of ethical hacking in strengthening cybersecurity.

Source credit : cybersecuritynews.com