The program will allow hackers and security researchers to earn between $500 and $5,000 for identifying verified vulnerabilities.
The US Department of Homeland Security (DHS) has announced a new bug bounty program called Hack DHS. The program will allow hackers and security researchers to earn between $500 and $5,000 for identifying verified vulnerabilities in external DHS systems. Payments vary with the severity of the issue.
DHS Looking to Strengthen Security
According to a statement from DHS secretary Alejandro N. Mayorkas, the DHS is the “cybersecurity quarterback” for the federal government. Therefore, the department has to lead by example and continuously strengthen the security of its systems.
“The Hack DHS program incentivizes highly skilled hackers to identify cybersecurity weaknesses in our systems before they can be exploited by bad actors,” Mayorkas explained.
Tech giants like Apple, Microsoft, and Google have offered bug bounty programs with much higher rewards. So why is the DHS offering such a low bounty? The reason, according to the department, is that Hack DHS isn’t an open bug bounty program, and its scope is limited to a relatively small team of researchers.
About Hack DHS
The department revealed that the Hack DHS program comprises three stages. In the first stage, hackers will perform a virtual assessment of the department's systems. The second stage will be a live, in-person hacking event.
The third stage involves identifying and reviewing the vulnerabilities and threats and planning the bug bounties to be offered. The program will be conducted on a specially designed platform by the US Cybersecurity and Infrastructure Security Agency (CISA).
Moreover, the program will be monitored by the DHS Office of the Chief Information Officer. The department will verify bugs within 48 hours. It will then develop a plan to fix them within 15 days or patch them right away, whichever is possible.