The US government is drawing on the hacking community’s expertise in an effort to tighten cybersecurity protections.
Earlier this week, the Chief Digital and Artificial Intelligence Office (CDAO), the Department of Defense’s Directorate for Digital Services, and the Department of Defense Cyber Crime Center (DC3) jointly launched “Hack US,” a bug bounty program aimed at identifying high-risk flaws in government systems.
As reported by VentureBeat, the Department of Defense (DoD) has a budget of about $110,000 for white-hat hackers who discover critical flaws. Critical-severity reports will earn hackers $1,000 apiece and high-risk reports $500 apiece, and there is a $3,000 bonus for those in additional special categories.
Speaking to the publication, Casey Ellis, founder and chief technology officer at Bugcrowd, said tapping into the community’s potential makes sense, given that attackers often work in groups and outnumber defenders in general.
“It takes an army of adversaries to beat an army of allies, and many organizations take advantage of the community of millions of well-intentioned hackers around the world who are skilled, ready and willing to help,” Ellis said.
“The good folks at DoD DC3 have been running their vulnerability detection program for many years with great effort and success, so seeing them ‘upgrade’ to a paid bug bounty program makes a lot of sense,” Ellis said.
But it’s not just about the number of attackers searching your code for flaws – it’s also about the number of flaws. According to the VentureBeat report, the average organization has more than 30,000 vulnerabilities on its attack surface, which is far more than a small Homeland Security team can handle.
Thus, nearly half (44%) of organizations are not confident that they can properly secure all of their endpoints, even with the best cybersecurity solutions in place.
Via: VentureBeat