Security News > 2022 > April > Homeland Security bug bounty program uncovers 122 holes in its systems

Homeland Security bug bounty program uncovers 122 holes in its systems
2022-04-25 19:55

The first bug bounty program by America's Homeland Security has led to the discovery and disclosure of 122 vulnerabilities, 27 of which were deemed critical.

In total, more than 450 security researchers participated in the Hack DHS program and identified weaknesses in "Select" external Dept of Homeland Security systems.

DHS did not immediately respond to The Register's questions about the bugs found and fixed through Hack DHS. The department announced the program in December and modeled it after the Department of Defense's Hack the Pentagon as well as private bug bounty efforts, such as those run by Amazon, Microsoft, Google, and virtually every other major technology company.

Hack DNS followed a pilot bug bounty program that the department trialed in 2019 as part of the SECURE Technology Act.

Meanwhile Microsoft recently said it will pay more - up to $26,000 more - for "High-impact" bugs in its Office 365 products via its bug bounty program.

The new "Scenario-based" payouts to the Dynamics 365 and Power Platform Bounty Program and M365 Bounty Program aim to incentivize bug hunters to focus on finding vulnerabilities with "The highest potential impact on customer privacy and security," according to the Redmond software goliath.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/04/25/dhs_bug_bounty/