
Pentagon is far too tight with its security bug bounties
2022-09-29 21:27

According to bug bounty platform HackerOne and the DoD, the Hack US initiative received 648 submissions from 267 security researchers who uncovered 349 security holes.

The Pentagon didn't say how many bug hunters received rewards, or how much they each earned.

"The most successful bug bounty programs strike an even balance between monetary and social benefits," Google's Eduardo Vela, who leads the Product Security Response Team, told The Register.

"For bug hunters, there must be a monetary incentive to get them to participate - but, there's also value in creating a space where folks can get together, connect with one another, and hack as a team. Bringing together the top bug hunters requires both - one without the other is not enough."

"The overall security strategy around US government bug bounties really hasn't evolved past playing whack-a-bug, and needs to evolve beyond discussions of bounty price," Moussouris told The Register.

"Where is the ongoing investment in people, processes, and technology to address or prevent most of these security holes before a bug bounty hunter can find them?"

News URL

https://go.theregister.com/feed/www.theregister.com/2022/09/29/pentagon_bug_bounty/