The Department of Homeland Security (DHS) has launched a new bug bounty program dubbed “Hack DHS” that allows vetted cybersecurity researchers to find and report security vulnerabilities in external DHS systems.
As the federal government’s cybersecurity quarterback, DHS must lead by example and constantly seek to strengthen the security of our own systems, said DHS Secretary Alejandro N. Mayorkas.
The Hack DHS program incentivizes highly skilled hackers to identify cybersecurity weaknesses in our systems before they can be exploited by bad actors. This program is one example of how the Department is partnering with the community to help protect our Nation’s cybersecurity.
The new bug bounty program will use a platform developed by the Cybersecurity and Infrastructure Security Agency (CISA) and will be monitored by the DHS Office of the Chief Information Officer.
Researchers who report security vulnerabilities as part of the Hack DHS program will be able to win monetary rewards of up to $5,000, depending on the flaw’s severity.
Hackers enrolled in the program will be required to disclose their findings and detailed info on the vulnerability, how attackers can potentially exploit it, and how threat actors could use it to access information from DHS systems.
The DHS will verify all reported security flaws within 48 hours and fixed in 15 days or more, depending on the bugs’ complexity.