DOD’s Vulnerability Disclosure Program Spikes Up in Demand

A Defense Department Unit Kicked off a Pilot Program to allow hackers to report vulnerabilities in the system. The systems operated by a dozen of defense-industrial-base -companies will fall under the working space of the hackers, said a report on Monday.

“The Program received numerous applicants,” a spokesperson for Defense’s Cyber Crime Center told Nextgov. “However, during this initial launch pilot, we will be moving forward with a few dozen.”The pilots would have the full supporting hand of the DC3, which would enact as an intermediary between the researchers the DIB companies. A lot of the work performed under the vulnerability disclosure program usually involves validating and prioritizing the reports submitted by more than 2,000 enthusiastic researchers around the globe.

However, the DC3 will still have the power to consider vulnerability reports closed. The officials involved in the matter said that they would contemplate plans of actions and milestones when they decide to enact their power. The spokesperson would not disclose the exact number of companies participating in the drive. DC3 continues to be impressed by the interests shown by the DIB companies. The enhancement of cybersecurity would be next level this time around, claims the officials.

The exact assets within the scope of the Program are listed on the HackerOne page for the Program. They include several websites but also services and endpoints. In case the security researchers refrain from testing for denial of service attacks, the participating companies promise not to pursue prosecution under the 1986 Computer Fraud and Abuse Act.

The DOD’s vulnerability program that got installed four years ago didn’t get much coverage which urged the need for a DC3 pilot. While laying the groundwork for the new pilot, the researchers discovered that 94% of the Fortune 2000 companies have yet to set up a free VDP to allow hackers to share the flaws found in the systems.