(Bloomberg) — The U.S. Department of Homeland Security announced a new program Tuesday under which the agency will pay outside hackers to find vulnerabilities in its computer systems, a type of incentive popular in the cybersecurity industry that is known as a “bug bounty.”
DHS Secretary Alejandro Mayorkas is unveiling his agency’s “Hack DHS” program at the Bloomberg Technology Summit. Unlike many bug bounties, which are open to anyone, DHS said in a statement that its program would include only “vetted cybersecurity researchers who have been invited to access select external DHS systems.” Any vulnerabilities they find would then be fixed, and the researchers would be rewarded with financial prizes. DHS didn’t specify the amount of the potential awards.
“As the federal government’s cybersecurity quarterback, DHS must lead by example and constantly seek to strengthen the security of our own systems,” Mayorkas said in the statement. “The Hack DHS program incentivizes highly skilled hackers to identify cybersecurity weaknesses in our systems before they can be exploited by bad actors.”
Once a novelty, bug bounty programs are now run by hundreds of organizations around the world, according to a list maintained by Bugcrowd, a San Francisco-based company that helps manage them. Such programs allow companies to better secure their products and cybersecurity researchers to make money from identifying weaknesses in companies’ technologies and networks.
©2021 Bloomberg L.P.