Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Benedict Collins

US Department of Defense claims to have flushed out 50,000 vulnerabilities with bug bounty program

Security Bug.

The US Department of Defense (DoD) passed the significant milestone of logging more than 50,000 vulnerabilities through its vulnerability disclosure program (VDP).

The VDP was launched in November 2016 by the DoD Cyber Crime Center (DC3), and logged the 50,000th bug bounty on the March 15 2024.

The DC3 VDP program incentivises white-hat hackers to find bugs and vulnerabilities in DoD websites and applications by rewarding them depending on the severity of the vulnerabilities they discover.

50,000 potential avenues of attack patched

DC3 has gradually enhanced the efficiency of bug reporting and tracking over the program's lifetime, with the Vulnerability Report Management Network being launched in 2018, introducing automation to the reporting process.

In a public statement to mark the occasion, DC3 said, “The program’s advancement has enabled VDP to expand their mitigative scope to not only process findings on DoD websites and applications, but to include all publicly accessible and/or available information technology assets owned and operated by the Joint Force Headquarters DoD Information Network.”

The reward offered to ethical hackers who successfully identify vulnerabilities is expected to be significantly lower than the financial impact a potential breach could have on the DoD. In fact, 2021 saw DC3 launch a 12 month program with the Defense, Counterintelligence & Security Agency to boost the security of SMEs in the Defense Industrial Base (DIB).

According to the DC3, the initiative “saved taxpayers an estimated $61m by discovering and remediating more than 400 active vulnerabilities and Controlled Unclassified Information exfiltration threats by adversaries on DIB participants’ public-facing assets.”

The DoD also holds a hackathon known as 'Hack the Pentagon' that offers ethical hackers the opportunity to seek out bugs in other critical areas of national defense such as the Army, Marine Corps, and Air Force.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.