The US Department of Homeland Security (DHS) has launched a bug bounty program inviting selected security researchers to test for vulnerabilities in its systems.
Dubbed ‘Hack the DHS’, the program will include three different phases – a pen test, a live hacking event, and a detailed review process.
A statement from the DHS explains: “Hack DHS will occur in three phases throughout Fiscal Year 2022, with the goal of developing a model that can be used by other organizations across every level of government to increase their own cybersecurity resilience.
“During phase one, hackers will conduct virtual assessments on certain DHS external systems. During the second phase, hackers will participate in a live, in-person hacking event.
“During the third and final phase, DHS will identify and review lessons learned, and plan for future bug bounties.”
Rules for engagement
The testing will be governed by “several rules of engagement” and will be monitored by the DHS Office of the Chief Information Officer.
Researchers will be rewarded financially for their findings. The payout for each bug is set on a sliding scale, with the highest bounties going to hackers who identify the most severe bugs.
Hack the DHS builds on best practices learned from similar, widely implemented initiatives across the private sector and the federal government, such as the Department of Defense’s ‘Hack the Pentagon’ program, the DHS noted.
Source: https://portswigger.net/daily-swig/us-government-launches-hack-the-dhs-bug-bounty-program