DOD OKs Vulnerability Search on Department’s Public IT Systems; Brett Goldstein Quoted

1 min read
Brett Goldstein
Brett Goldstein Director Defense Digital Service

The Department of Defense (DOD) has informed ethical hackers that they can now look for security issues across DOD's publicly available information systems under its expanded Vulnerability Disclosure Program.

DOD said Tuesday that its Cyber Crime Center-led program now covers public defense networks, connected devices and frequency-based communications platforms.

"This expansion is a testament to transforming the government's approach to security and leapfrogging the current state of technology within DOD," said Brett Goldstein, the director of the Defense Digital Service.

The initiative is a product of the “Hack the Pentagon” pilot project launched by the Pentagon five years ago in collaboration with bug bounty platform provider HackerOne to identify security flaws on publicly accessible defense websites.

Participants have reported over 29,000 vulnerabilities to the department since the program's inception, with more than 70 percent of the reports deemed to be valid, according to officials.

DC3 Director Kristopher Johnson said DOD's online portals account for a portion of its entire attack surface.

If you're interested in cybersecurity, check out GovCon Wire's Defense Cybersecurity Forum coming up on May 12. Click here to learn more.

ExecutiveGov Logo

Sign Up Now! Executive Gov provides you with Free Daily Updates and News Briefings about Government Technology

Become a Registered Reader
Register to enjoy unlimited access to articles, interviews, and invaluable govcon content. You'll also receive our daily briefing straight to your inbox.

This will close in 0 seconds