The Department of Homeland Security’s Hack DHS program has successfully concluded the first bug bounty program. For the program, vetted cybersecurity researchers and ethical hackers were invited to detect potential vulnerabilities in select external DHS systems. During the first phase, over 460 security experts identified 112 vulnerabilities. 27 of these vulnerabilities were determined to be critical.
Total award $125,600
Participants were awarded a total of $125,600 for identifying the verified vulnerabilities. DHS became the first federal agency to expand its bug bounty program to find and report Log4j vulnerabilities. Hack DHS, launched in December of 2021, is developing a model that can be used by organizations at every level of government that are interested in increasing their cybersecurity resilience.
In the second phase of the three-phase program, experts will participate in a live, in-person hacking event. In the final phase, DHS will identify lessons learned, including lessons to inform future bug bounty programs. Alejandro N. Mayorkas, Secretary of Homeland Security, said:
“Organizations of every size and across every sector, including federal agencies like the Department of Homeland Security, must remain vigilant and take steps to increase their cybersecurity. Hack DHS underscores our Department’s commitment to lead by example and protect our nation’s networks and infrastructure from evolving cybersecurity threats.”