
This article was published on March 3, 2020


Hackers submitted a record number of bug reports to the Pentagon in 2019

The Pentagon wants even more white-hatters to join its program

Story by Mix, former TNW writer


The Pentagon revealed that it received more vulnerability disclosure reports from ethical hackers last year than ever before.

The Defense Department’s Cyber Crime Center (DC3) released numbers from its Vulnerability Disclosure Program, showing the agency processed 4,013 vulnerability reports, 2,836 of which led to mitigation activities. According to a statement, 8% of all submissions were labelled as critical or high severity, CyberScoop reports.


“It was our busiest year to date with a staggering 21.7% increase of submitted reports from 2017,” the report reads.

The program, which invites security researchers to poke holes in the Pentagon’s defensive mechanisms, launched in 2016. Since then, the Department of Defense has announced its intention to pour another $34 million into expanding the program.

Among other shortcomings, the report suggests VPN exploits were most severe this year. “We also see unpatched and exploitable content management servers such as DotNetNuke, WordPress, and even vBulletin with vulnerabilities ranging from simple reflected cross-site scripting and Denial of Service all the way to remote command execution,” the report further notes.

The ethical hacking trend doesn’t stop with the Pentagon, though.

Breach disclosure platform HackerOne recently revealed it has also been experiencing an exponential boom in vulnerability reports, handing out nearly $40 million in bug bounties in the last year alone.
