"DoD Launches New Security Vulnerability Pilot"

The US Department of Defense (DoD) launched a new vulnerability disclosure program on HackerOne to identify vulnerabilities in Defense Industrial Base (DIB) contractor networks and improve digital hygiene. According to HackerOne, any information submitted under the Defense Industrial Base Vulnerability Disclosure Program (DIB-VDP) will be used for the mitigation or remediation of vulnerabilities present in DoD contractor information systems, networks, or applications. However, the information provided under the program will not be used for offensive tools or capabilities. Security researchers are invited to identify weaknesses in DoD contractor networks and provide details about the vulnerability, covering the product, version, configuration of the software in which the vulnerability exists, how to reproduce the issue, how to mitigate or remediate the vulnerability, and more. Every disclosure will be investigated thoroughly, and appropriate steps will be taken to mitigate and remediate all vulnerabilities identified and properly reported by participating security researchers. Since the launch of the DIB-VDP, 124 reports of vulnerabilities have been received, and 27 researchers have been thanked for their discoveries. This article continues to discuss the purpose, actions, and current progress of the DIB-VDP. 

Security Magazine reports "DoD Launches New Security Vulnerability Pilot"