CISA launches platform to let hackers report security bugs to US federal agencies

Share This Post

Share on facebook
Share on linkedin
Share on twitter
Share on email

The Cybersecurity and Infrastructure Security Agency has launched a vulnerability disclosure program allowing ethical hackers to report security flaws to federal agencies.

The platform, launched with the help of cybersecurity companies Bugcrowd and Endyna, will allow civilian federal agencies to receive, triage and fix security vulnerabilities from the wider security community.

The move to launch the platform comes less than a year after the federal cybersecurity agency, better known as CISA, directed the civilian federal agencies that it oversees to develop and publish their own vulnerability disclosure policies. These policies are designed to set the rules of engagement for security researchers by outlining what (and how) online systems can be tested, and which can’t be.

It’s not uncommon for private companies to run VDP programs to allow hackers to report bugs, often in conjunction with a bug bounty to pay hackers for their work. The U.S. Department of Defense has for years warmed to hackers, the civilian federal government has been slow to adopt.

Bugcrowd, which last year raised $30 million at Series D, said the platform will “give agencies access to the same commercial technologies, world-class expertise, and global community of helpful ethical hackers currently used to identify security gaps for enterprise businesses.”

The platform will also help CISA share information about security flaws between other agencies.

The platform launches after a bruising few months for government cybersecurity, including a Russian-led espionage campaign against at least nine U.S. federal government agencies by hacking software house SolarWinds, and a China-linked cyberattack that backdoored thousands of Microsoft Exchange servers, including in the federal government.

More To Explore

GM extends Chevy Bolt EV production shutdown through mid-October

General Motors is extending the shutdown of its Orion Assembly Plant until at least mid-October as a result of a battery pack shortage related to the recently announced Chevy Bolt EV and EUV safety recall. Bloomberg first reported that the company intends to idle its plant through the week of October 11. “These most recent […]

Ready to take the plunge into the online world?

drop us a line and keep in touch