White hat hackers have completed the first round of ‘Hack DHS,’ the bug bounty program the US Department of Homeland Security launched last year in a push to develop a resilience model that government institutions nationwide can replicate.
In December 2021, Hack DHS invited vetted cybersecurity researchers and ethical hackers to a three-phase program to identify potential cybersecurity vulnerabilities in select external DHS systems.
450 researchers joined forces in the first stage of the program and reportedly identified 122 vulnerabilities, including 27 rated critical.
The feds awarded a total of $125,600 to participants for identifying these flaws, a comparatively small figure next to the awards handed out in the bug bounty programs of Google and others.
DHS prides itself on becoming the first federal agency to expand its bug bounty program to find and report Log4j vulnerabilities across all public-facing information system assets. This allowed the department to identify and close vulnerabilities not surfaced through other means, according to the announcement.
In the second phase of the program, researchers will participate in a live, in-person hacking event. The third phase will identify lessons learned and use that information to help future bug bounty programs across the US.
“The enthusiastic participation by the security researcher community during the first phase of Hack DHS enabled us to find and remediate critical vulnerabilities before they could be exploited,” said DHS Chief Information Officer Eric Hysen. “We look forward to further strengthening our relationship with the researcher community as Hack DHS progresses.”
In December, DHS said the newly launched bug bounty program was an example of how the Department was partnering with the community to help protect Americans from cybercrime.