Log4j added to the DHS bug bounty program

Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly and Homeland Security Secretary Alejandro Mayorkas announced an extension of the "Hack DHS" bug bounty program, noting on Twitter that it will now include Log4j-related vulnerabilities.

“We opened our HackDHS bug bounty program to detect and capture Log4j-related vulnerabilities in our systems,” said Easterly. “Many thanks to the research community participating in this program. Log4j is a global threat and some of the best in the world are good at helping us keep orgs safe.”

On December 14, the Department of Homeland Security announced the bug bounty program as a way to identify cybersecurity vulnerabilities in its systems. It gave “vetted” cybersecurity researchers access to “select external DHS systems” and asked them to find bugs.

Secretary Alejandro Mayorkas called DHS the "federal government's cybersecurity quarterback" and said the program "encourages skilled hackers to identify cybersecurity vulnerabilities in our systems before they can be exploited by rogues."

“This program is one example of how the Department is engaging with the community to help protect the cybersecurity of our country,” Mayorkas said.

When the program was first unveiled, DHS expected the bug bounty effort to take place in three phases during 2022. Once the hackers have completed their evaluation of the external DHS systems, they will be invited to participate in a live, in-person hacking event.

In the final phase, DHS will take the recommendations and plan for future bug bounty programs. DHS intends to turn the program into a model that any government agency could use.

"Hack DHS, which takes forward a platform created by the Department's Cybersecurity and Infrastructure Security Agency (CISA), will be governed by a number of communication rules and monitored by the DHS Office of the Chief Intelligence Officer. Hackers will publish their results to DHS system owners and leadership, including how vulnerable it is, how they exploited it, and how it could allow other actors to gain information," DHS explained.

"The bounty for identifying each bug is determined using a sliding scale, with hackers earning the highest bounties for identifying the worst bugs. Hack DHS builds on best practices learned from similar initiatives, widely applied across the private sector and the federal government, such as the Department of Defense's 'Hack the Pentagon' program."

This is not the first bug bounty program run by DHS. It ran a pilot of the effort in 2022 after legislation was passed thanks to the bipartisan coalition behind the SECURE Technology Act. DHS explained that the law allows it to pay selected people to evaluate DHS systems by mimicking the behavior of hackers.
