$500 to $5,000 reward from the US government to hackers who will detect cybersecurity vulnerabilities
Award for hackers from the US government
The US Department of Homeland Security (DHS) is launching a bug bounty program that will pay hackers thousands of dollars to help detect cybersecurity vulnerabilities in its systems.
According to CNN, US Secretary of Homeland Security Alejandro Mayorkas announced that the department will pay between $500 and $5,000 depending on the severity of the vulnerability and the impact of the remediation.
In his speech at the Bloomberg Technology Summit, Mayorkas said, “This is scalable money, but we find it very important. We’re really investing a lot of money into this program, but also focusing attention.”
The secretary stated that hackers who detect the most serious bugs will receive the highest rewards.
Some private companies give hackers much higher rewards for revealing vulnerabilities.
Apple awards $25,000 to $1 million, while Microsoft offers up to $200,000.
The announcement comes a day after senior officials in the administration of US President Joe Biden warned that hackers were exploiting an emerging software vulnerability.
“A vulnerability is one of the most dangerous things I’ve seen in my entire career, if not the most serious,” warned Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA).
According to Mayorkas, under the department’s new program, the vulnerability will be verified within 48 hours, fixed within 15 days or, if necessary, a remediation plan will be developed within a 15-day period.
When asked whether the program will continue under future administrations, Mayorkas replied, “We will continue the program as much as possible if it is useful.”
Katie Moussouris, founder and CEO of Luta Security, welcomed the move, but expressed concerns about the program’s timeline. Speaking to CNN, Moussouris said: “It’s great that the ministry is working with hackers and welcoming their findings. However, time-based bug bounty programs do not provide consistent security improvements. It’s time for the government to mature its bug bounty programs for vulnerability and measurable security consequences.”