Security News > 2024 > March > US Defense Dept received 50,000 vulnerability reports since 2016
The Cyber Crime Center of the U.S. Department of Defense says it has reached the milestone of processing its 50,000th vulnerability report submitted by 5,635 researchers since its inception in November 2016.
The federal agency launched its Vulnerability Disclosure Program 7.5 years ago following a bug bounty event called 'Hack-the-Pentagon,' to engage crowd-sourced vulnerability reports that could help bolster its cyber defenses.
"Through its function as the focal point for receiving vulnerability reports, DC3 VDP continues to contribute significantly to DoD's overall security."
In 2021, DC3 and the Defense Counterintelligence and Security Agency worked together in a special 12-month program that led to discovering and mitigating 400 significant security flaws, saving taxpayers a reported $61 million.
Regarding VDP's success in 2023, though the agency has not released its annual report yet, based on the fact that it announced reaching the 45,000 flaw reports milestone exactly a year ago, it can be deduced that 5,000 reports were processed last year.
DoD's bug bounty program on HackerOne shows that the agency has resolved over 27,000 issues in total, while receiving 1,231 reports in the last 90 days.