A Defense Department unit kicked off a pilot program to allow hackers to report vulnerabilities in the system. Systems operated by a dozen defense-industrial-base companies will fall within the scope of the hackers' work, said a report on Monday.
“The Program received numerous applicants,” a spokesperson for Defense’s Cyber Crime Center told Nextgov. “However, during this initial launch pilot, we will be moving forward with a few dozen.” The pilot would have the full support of the DC3, which would act as an intermediary between the researchers and the DIB companies. A lot of the work performed under the vulnerability disclosure program usually involves validating and prioritizing the reports submitted by more than 2,000 enthusiastic researchers around the globe.
The exact assets within the scope of the program are listed on its HackerOne page. They include several websites as well as services and endpoints. As long as security researchers refrain from testing for denial-of-service attacks, the participating companies promise not to pursue prosecution under the 1986 Computer Fraud and Abuse Act.
The DOD’s vulnerability program, set up four years ago, didn’t get much coverage, which prompted the need for a DC3 pilot. While laying the groundwork for the new pilot, the researchers discovered that 94% of the Fortune 2000 companies had yet to set up a free VDP to allow hackers to share the flaws found in their systems.