'Hack DHS' bug hunters find 122 security flaws in DHS systems (April 2022)
The Department of Homeland Security today revealed that bug bounty hunters enrolled in its 'Hack DHS' bug bounty program have found 122 security vulnerabilities in external DHS systems, 27 of them rated critical severity.
DHS awarded a total of $125,600 to over 450 vetted security researchers and ethical hackers, with rewards of up to $5,000 per bug, depending on the flaw's severity.
"The enthusiastic participation by the security researcher community during the first phase of Hack DHS enabled us to find and remediate critical vulnerabilities before they could be exploited," said DHS Chief Information Officer Eric Hysen.
DHS launched its first bug bounty pilot program in 2019, two years before 'Hack DHS,' after the SECURE Technology Act, which requires the establishment of a security vulnerability disclosure policy and a bounty program, was signed into law.
All reported security flaws are verified by DHS security experts within 48 hours and are fixed in 15 days or more, depending on the bug's complexity.
One week after the launch, the DHS expanded the scope of the 'Hack DHS' bounty program to allow researchers to track down DHS systems impacted by Log4j-related vulnerabilities.