Security News > 2021 > May > DOD expands bug disclosure program to all publicly accessible systems
US Department of Defense officials today announced that the department's Vulnerability Disclosure Program has been expanded to include all publicly accessible DOD websites and applications.
DOD's VDP is led by the Department of Defense Cyber Crime Center, and it allows security researchers to search for and report any vulnerabilities affecting public-facing DOD information systems.
More than 30,000 reports submitted via DOD's VDP. Since it was officially established in 2016, over 30,000 vulnerability reports have already been submitted through this program, with more than 70% of them containing a valid bug impacting DOD systems.
The DOD used information collected through the bug bounty program to strengthen the security of the US DoD Information Network.
In collaboration with the Defense Counterintelligence Security Agency, the DoD Cyber Crime Center launched a 12-month Defense Industrial Base Vulnerability Disclosure Program pilot in April for defense industrial base companies.
"The expansion of vulnerability research to participating DoD contractor networks replicates the DoD's' success by making participating DoD contractor networks available for vulnerability research," DoD's Cyber Crime Center explains.