US DHS to offer up to $5,000 ‘bounty’ to hackers to identify cyber vulnerabilities

TOPFM NEWS by TOPFM NEWS
December 15, 2021
in Technology

The Department of Homeland Security is launching a “bug bounty” program, potentially offering thousands of dollars to hackers who help the department identify cybersecurity vulnerabilities within its systems. 

DHS will pay between $500 and $5,000 depending on the gravity of the vulnerability and the impact of the remediation, Homeland Security Secretary Alejandro Mayorkas announced Tuesday.

“It’s a scalable amount of money but we consider that quite significant,” he said, speaking at the Bloomberg Technology Summit. “We’re really investing a great deal of money, as well as attention and focus, on this program.”

Hackers will earn the highest bounties for identifying the most severe bugs, DHS said. 

Some private companies offer much higher bounties for uncovering vulnerabilities. For instance, payouts from Apple range from $25,000 to $1 million and Microsoft offers up to $200,000.

The announcement comes a day after senior Biden administration cyber officials warned that hackers are exploiting a newly revealed software vulnerability.

The vulnerability is in Java-based software known as “Log4j” that large organizations, including some of the world’s biggest tech firms, use to configure their applications.

Jen Easterly, director of the DHS Cybersecurity and Infrastructure Security Agency, said the “vulnerability is one of the most serious that I’ve seen in my entire career, if not the most serious,” during a call with executives from major US industries Monday. 

As part of the “Hack DHS program,” the department will verify the vulnerability within 48 hours and either remediate it within 15 days or, if required, develop a plan for remediation within a 15-day period, according to Mayorkas.

The program will be open to vetted cybersecurity researchers who have been invited to access select external DHS systems.

“Hack DHS” will be carried out in three phases. First, hackers will conduct virtual assessments, which will be followed by a live, in-person hacking event. During the third phase, DHS will identify and review lessons learned and plan for future bug bounties, according to the department. 

Asked whether this program will last into future administrations, Mayorkas said that if it proves valuable, “we will continue the program for as long as we can.” 

Katie Moussouris, CEO and founder of Luta Security, welcomed the move but raised concerns about the program’s timeline. 

“It’s great that DHS is working with hackers and welcoming their findings; however, time-bound bug bounty programs do not deliver consistent security improvements,” she told CNN. “It’s time to mature government vulnerability disclosure and bug bounty programs towards measurable security outcomes.” 

She also pointed out that bug bounties are meant to catch what internal security due diligence missed. 

“I will be interested to see if this newest bug bounty reveals more complex bugs than typical low-hanging fruit normally found in bug bounties,” she added.

The department ran a bug bounty pilot program in 2019, which stemmed from legislation that allows DHS to compensate hackers for evaluating department systems. It also builds on similar efforts, like the Department of Defense’s “Hack the Pentagon” program.

Casey Ellis, founder and chief technology officer at Bugcrowd, a San Francisco-based cybersecurity firm that is working with DHS on the bug bounty program, said there are benefits to adding outside expertise to the department’s cybersecurity efforts. 

“It takes an army of allies to outsmart an army of adversaries. Even with an internal team as resourced and smart as the DHS, adding the collective creative of the good-faith hacker community helps DHS level the playing field against the adversary.”

Bugcrowd has been advising a variety of government agencies for many years, including DHS, and will be the platform partner for this program.

Democratic Sen. Maggie Hassan of New Hampshire and Republican Sen. Rob Portman of Ohio, who helped draft the initial bug bounty legislation, praised the announcement. 

“At a time when cyber threats are on the rise, I’m pleased that DHS is making permanent the bug bounty program I created with Senator Hassan to ensure our federal government is better prepared to protect itself,” Portman said in a statement.

Source: Geneva Sands
Via: CNN