Security News > 2021 > May > Uncle Sam wants 'ethical hackers' to crack its planetary defenses, but don't expect a pay-day from this bug bounty
The United States' Department of Defense has opened up all of its publicly facing systems and apps to investigation under a bug bounty program.
The bug bounty system had only been aimed at websites but now Kristopher Johnson, director of its Vulnerability Disclosure Program, has said "Websites were only the beginning as they account for a fraction of our overall attack surface" and urged the infosec community to take a wider view.
Amazon fake reviews site storage bucket left unlocked.
The open database, discovered by antivirus blog SafetyDetectives, exposed 13,124,962 messages between Amazon vendors and those willing to pump up their reviews.
Thankfully the boffins didn't pay up and reconstructed infected systems after a total wipe, but it meant they lost a week of data and projects were significantly hurt.
The student in question cooperated fully with the investigation and is presumably dreading their next performance review.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/05/10/in_brief_security/
Related news
- Iran-Linked UNC1549 Hackers Target Middle East Aerospace & Defense Sectors (source)
- Google paid $10 million in bug bounty rewards last year (source)
- CISA shares critical infrastructure defense tips against Chinese hackers (source)
- Hackers Hit Indian Defense, Energy Sectors with Malware Posing as Air Force Invite (source)