Bug Bounty: US Govt Offers Up To $5,000 To Hackers To Identify Cybersecurity Vulnerabilities In System
NEW YORK: The Department of Homeland Security (DHS) is creating a “bug bounty” programme, which could pay out thousands of dollars to hackers who assist the department in identifying cybersecurity flaws in its systems.
Homeland Security Secretary Alejandro Mayorkas stated Tuesday that DHS will pay between $500 and $5,000 based on the severity of the vulnerability and the impact of the remedy.
“It’s a modest amount of money, but we think it’s significant,” he said at the Bloomberg Technology Summit. “We’re putting a lot of money, as well as attention and emphasis, into this programme.”
According to DHS, hackers will earn the highest rewards for uncovering the most serious bugs.
Some private companies provide substantially larger rewards for revealing vulnerabilities. Apple, for example, gives rewards ranging from $25,000 to $1 million, while Microsoft offers up to $200,000.
The news comes only one day after senior Biden administration cyber officials warned that hackers are taking advantage of a newly discovered software flaw.
The flaw is in Java-based software known as “Log4j,” which is used by big businesses, including some of the world’s largest IT firms, to set up their applications.
During a call with executives from key US sectors on Monday, Jen Easterly, director of the DHS Cybersecurity and Infrastructure Security Agency, said the “vulnerability is one of the most dangerous that I’ve seen in my whole career, if not the most serious.”
According to Mayorkas, as part of the “Hack DHS programme,” the agency will validate the vulnerability within 48 hours and either patch it within 15 days or, if necessary, establish a remediation plan within 15 days.
The initiative will be available to verified cybersecurity researchers who have been granted access to select external DHS systems.
The “Hack DHS” operation will be carried out in three stages. Hackers will first undertake virtual assessments, followed by a live, in-person hacking session. According to the government, during the third phase, DHS will identify and assess lessons learned, as well as plan for future bug bounties.
When asked if this programme will be continued in future administrations, Mayorkas stated that if it proves beneficial, “we will continue the programme for as long as we can.”