The Pentagon revealed that last year it received more vulnerability disclosure reports from ethical hackers than ever before.
The Defense Department’s Cyber Crime Center (DC3) released numbers from its Vulnerability Disclosure Program, showing the agency processed 4,013 vulnerability reports, 2,836 of which led to mitigation activities. According to a statement, 8% of all submissions were labelled as critical or high severity, CyberScoop reports.
“It was our busiest year to date with a staggering 21.7% increase of submitted reports from 2017,” the report reads.
The program, which invites security researchers to poke holes in the Pentagon’s defensive mechanisms, launched in 2016. Since then, the Department of Defense has announced its intention to pour another $34 million into expanding the program.
Among other shortcomings, the report suggests VPN exploits were the most severe this year. “We also see unpatched and exploitable content management servers such as DotNetNuke, WordPress, and even vBulletin with vulnerabilities ranging from simple reflected cross-site scripting and Denial of Service all the way to remote command execution,” the report further notes.
The ethical hacking trend doesn’t stop with the Pentagon, though.
Breach disclosure platform HackerOne recently revealed it has also been experiencing an exponential boom in vulnerability reports, handing out nearly $40 million in bug bounties in the last year alone.