The Department of Defense’s Cyber Crime Center has begun a pilot program to allow hackers to share the vulnerabilities they find in systems operated by companies in the defense industrial base, Nextgov reported Monday.
DC3 collaborated with the Defense Counterintelligence and Security Agency to launch the 12-month Defense Industrial Base Vulnerability Disclosure Program Pilot in response to a recommendation from a feasibility study carried out by Carnegie Mellon University’s Software Engineering Institute.
“The program received numerous applicants,” a spokesperson for DC3 told Nextgov. “However, during this initial launch pilot, we will be moving forward with a few dozen” defense contractors.
Under the DIB-VDP Pilot, the cyber center will act as a link between companies and security researchers, validate and prioritize the vulnerability reports from more than 2,000 participating researchers and offer guidance to companies to help them remediate the identified vulnerabilities. DC3 will also have the authority to declare whether those reports are considered resolved.
The pilot program’s HackerOne page listed websites, endpoints, services and other contractor network assets that are available for research.
“As of April 2021, security researchers have identified more than 30,000 potential exploits for DoD’s systems. The expansion of vulnerability research to participating DoD contractor networks replicates the DoD’s success by making participating DoD contractor networks available for vulnerability research,” according to the HackerOne page.