US DoD Launches Vuln Disclosure Program for Contractor Networks
The United States Department of Defense this week announced the launch of a new vulnerability disclosure program on HackerOne to identify vulnerabilities in Defense Industrial Base contractor networks.
Running as a pilot, the Defense Industrial Base Vulnerability Disclosure Program covers participating DoD contractor partners' information systems and web properties, as well as other assets within scope, and is separate from the DoD vulnerability disclosure program that already runs on HackerOne.
As part of the DIB-VDP Pilot, DoD invites the HackerOne community to remotely test the participating DoD contractors' assets and report on any identified vulnerabilities.
Interested researchers are prohibited from doing any harm to the vulnerable systems, from accessing or exfiltrating data, from compromising the privacy or safety of DoD or the contractor, as well as from sharing any information with third parties.
"Any information submitted to the DIB-VDP under this program will be used for defensive purposes - to mitigate or remediate vulnerabilities in DoD contractor information systems, networks, or applications. This research is not contributing to offensive tools or capabilities," the program's policy reads.
Ionut Arghire is an international correspondent for SecurityWeek.