Security News > 2021 > May > DOD Expands Vulnerability Disclosure Program to Web-Facing Targets
The United States Department of Defense this week announced an expansion of the scope of its vulnerability disclosure program to include all of its publicly accessible information systems.
The program has been running on HackerOne since 2016 when the DOD's Hack the Pentagon initiative was launched and provides security researchers with means to engage with the DOD when they identify vulnerabilities in the department's public-facing websites and applications.
As part of the expanded scope, vulnerability hunters can probe all of DOD's publicly-accessible networks, along with industrial control systems, frequency-based communication, and Internet of Things assets, among others.
The bug bounty program is monitored by the DOD Cyber Crime Center and has received more than 29,000 vulnerability reports since its inception in 2016.
As hackers begin to identify vulnerabilities that could not be reported before, DOD expects to see a sharp increase in the number of submissions.
The expansion comes roughly one month after DOD launched the Defense Industrial Base Vulnerability Disclosure Program pilot on HackerOne, seeking to identify vulnerabilities in participating DoD contractors' assets.