Forty-one companies took part in a pilot program the Department of Defense and HackerOne facilitated over the past 12 months to help participants identify cybersecurity weaknesses on publicly accessible systems.
Participating companies volunteered 348 systems for the Defense Industrial Base-Vulnerability Disclosure Program (DIB-VDP), and 288 security researchers from the HackerOne community delivered 401 actionable reports to asset owners, the DOD Cyber Crime Center said Tuesday.
The Software Engineering Institute at Carnegie Mellon University conducted the feasibility study for DIB-VDP with only 20 participating entities.
“The pilot intended to identify if similar critical and high severity vulnerabilities existed on small to medium cleared and non-cleared DIB company assets with potential risks for critical infrastructure and U.S. supply chain,” said interim VDP Director Melissa Vice.
Alex Rice, co-founder and chief technology officer of HackerOne, urged organizations to prioritize software supply chain security and said he believes the pilot initiative demonstrates the effectiveness of vulnerability disclosure programs for federal agencies and contractors.
The Defense Counterintelligence and Security Agency supported the DIB-VDP pilot and plans to coordinate with the facilitators to examine the possibility of making the program permanent.