Federal Operatives Launch “ONLINE TEST” – Immediately Find Something Strange
(StraightNews.org) – The US government establishes contracts with tens of thousands of different companies every year to source weapons, technology, and data. In this vast pool of contractors, however, lies an enormous number of vulnerabilities hackers could use to access and attack the US government. With this in mind, a Department of Defense (DOD) program just wrapped up its first year in operation and detailed a multitude of cybersecurity weaknesses among government vendors.
On Monday, May 2, the DOD’s Cyber Crime Center announced its Defense Industrial Base-Vulnerability Disclosure Program (DIB-VDP) concluded in April. It used ethical hackers to assess the vulnerabilities among different contractors that work with the government. C4ISRNET shared the number of participants in the program:
The campaign launched in April 2021 with 14 participating companies and 141 publicly accessible assets to probe. Interest quickly ballooned; 41 companies and nearly 350 assets were eventually admitted. https://t.co/O849dVj1hf
— C4ISRNET (@C4ISRNET) May 3, 2022
The program produced 1,015 issues, which were sifted down to 401 actionable reports that an analyst team will validate, triage, and mitigate in order to protect our defenses moving forward. Armed with this information, Alex Rice, HackerOne co-founder and chief technology officer, emphasized that “every organization should prioritize securing their software supply chain” in order to protect national security.
With so many vendors to choose from, it’s not too surprising there were some security leaks among them. However, that’s also now where healthy competition in the marketplace comes in.
Copyright 2022, StraightNews.org