On Tuesday, the Department of Homeland Security (DHS) announced a bug bounty program called Hack DHS. As with other programs of this nature, the goal is for hackers to find and report bugs so they can be patched, and to receive a reward for their efforts.
Hack DHS Program
The program will run in three phases in 2022:
- Phase One: hackers will conduct virtual assessments on certain DHS external systems
- Phase Two: hackers will participate in a live, in-person hacking event
- Phase Three: DHS will identify and review lessons learned, and plan for future bug bounties
Hackers will disclose their findings to DHS system owners and leadership, including what the vulnerability is, how they exploited it, and how it might allow other actors to access information. The bounty for identifying each bug is determined by using a sliding scale, with hackers earning the highest bounties for identifying the most severe bugs.
The agency hopes the program can serve as a model that can be used by other organizations across every level of government.
Secretary Alejandro N. Mayorkas: “As the federal government’s cybersecurity quarterback, DHS must lead by example and constantly seek to strengthen the security of our own systems. The Hack DHS program incentivizes highly skilled hackers to identify cybersecurity weaknesses in our systems before they can be exploited by bad actors. This program is one example of how the Department is partnering with the community to help protect our Nation’s cybersecurity.”