Pentagon’s Vulnerability Disclosure Pilot Program Draws Interest From Defense Contractors


The Department of Defense’s Cyber Crime Center has begun a pilot program to allow hackers to share the vulnerabilities they find in systems operated by companies in the defense industrial base, Nextgov reported Monday.

DC3 collaborated with the Defense Counterintelligence and Security Agency to launch the 12-month Defense Industrial Base Vulnerability Disclosure Program Pilot in response to a recommendation from a feasibility study carried out by Carnegie Mellon University’s Software Engineering Institute.

“The program received numerous applicants,” a spokesperson for DC3 told Nextgov. “However, during this initial launch pilot, we will be moving forward with a few dozen” defense contractors.

Under the DIB-VDP Pilot, the cyber center will act as a link between companies and security researchers, validate and prioritize the vulnerability reports from more than 2,000 participating researchers and offer guidance to companies to help them remediate the identified vulnerabilities. DC3 will also have the authority to declare whether those reports are considered resolved.

The pilot program’s HackerOne page listed websites, endpoints, services and other contractor network assets that are available for research.

“As of April 2021, security researchers have identified more than 30,000 potential exploits for DoD’s systems. The expansion of vulnerability research to participating DoD contractor networks replicates the DoD’s success by making participating DoD contractor networks available for vulnerability research,” according to the HackerOne page.
