LinkedIn emplea cookies para mejorar la funcionalidad y el rendimiento de nuestro sitio web, así como para ofrecer publicidad relevante. Si continúas navegando por ese sitio web, aceptas el uso de cookies. Consulta nuestras Condiciones de uso y nuestra Política de privacidad para más información.
LinkedIn emplea cookies para mejorar la funcionalidad y el rendimiento de nuestro sitio web, así como para ofrecer publicidad relevante. Si continúas navegando por ese sitio web, aceptas el uso de cookies. Consulta nuestra Política de privacidad y nuestras Condiciones de uso para más información.
Distributed Defense: How Governments Deploy Hacker-Powered Security
Distributed Defense: How Governments
Deploy Hacker-Powered Security
More and more public sector agencies are recommending,
mandating, and using ethical hackers as a secret weapon
in their approach to cybersecurity.
Government Agencies Have Long Recommended
“All companies should consider
promulgating a vulnerability
ROD J. ROSENSTEIN, Deputy Attorney General,
U.S. Department of Justice
“Companies should communicate and
coordinate with the security research
FEDERAL TRADE COMMISSION
“Engage with researchers and the hacker
community in the reporting of vulnerabilities…”
MANIFESTO ON COORDINATED VULNERABILITY DISCLOSURE,
Global Forum on Cyber Expertise
“Manufacturers should also adopt a coordinated
vulnerability disclosure policy…”
U.S. FOOD AND DRUG ADMINISTRATION,
Postmarket Management of Cybersecurity in Medical Devices
See More Quotes Here
Now, They are Using it to Enhance Their Own Security
The European Commission recently selected HackerOne as the
platform for their first-ever bug bounty program.
The U.S. Department of Defense (DoD) has used HackerOne
Challenges at the Pentagon, the Army, the Air Force, and more.
Singapore's Ministry of Defence (MINDEF) engaged HackerOne for
the first crowd-sourced security initiative run by a government in
Hacker-Powered Security Helps Governments
Accelerate Their Security Efforts
Governments aren’t known for their speed, but using
hacker-powered security lets them move faster than
ever before to quickly improve their security posture.
The first-ever bug bounty challenge at the U.S. Department
of Defense had more than 250 vetted hackers identify
138 validated bugs in just 24 days!
Singapore’s Ministry of Defense used vetted hackers to
identify 35 unique bugs and earn $14,750 in just 3 weeks!
“The success of the program
helped us boost our cybersecurity
in a matter of weeks.”
Deputy Secretary (Special Projects)
and Defence Cyber Chief,
Singapore’s Ministry of Defence
Here’s How Fast Hacker-Powered Security
is for the DoD
“The return on investment is
incredible, both in terms of cost
and in terms of making
government assets more secure.”
Director of Air Force Digital Service
The U.S. DoD’s second challenge, Hack the Army, had
370 hackers report more than 400 bugs and earn over
$100,000 in 3 weeks. The very first report was
submitted within just 5 minutes!
Hack the Air Force was next, with two separate
challenges identifying more than 300 bugs in under
two months. The very first report was submitted just
1 minute after the challenge opened!
Hacker-Powered Security Saves Taxpayer Money
“If we had gone through the normal
process of hiring an outside firm to
do a security audit and vulnerability
assessment, which is what we usually
do, it would have cost us more than
U.S. Secretary of Defense
at the time of the program
Hacker-powered security enables governments to
utilize modern and cost effective security efforts. It’s
a proven approach to improving the security posture
of any agency or organization.
Here’s the math:
Estimated Cost of Their “Normal” Security Audit
and Vulnerability Assessment Process: $1,000,000
Amount Paid by DoD in 1 HackerOne Challenge: − $150,000
TAXPAYER MONEY SAVED: $850,000
These U.S. Military Agencies Trust HackerOne
Hack The Pentagon | HackerOne Challenge | April-May 2016
The U.S. Department of Defense made the move into
hacker-powered security with the first bug bounty
program for the federal government. Read more
Hack The Army | HackerOne Challenge | November-December 2016
Building on the Pentagon’s success, this program
targeted operationally significant websites including
those mission critical to recruiting. Read more
Hack the Air Force | HackerOne Challenge | May-June 2017 & December
2017 - January 2018
Expanded the Pentagon’s hacker-powered initiatives to
include non-U.S. participants and an increased bounty
budget. Read more
Hackers Registered 1,400+
First Report 13 minutes
Bounties Paid $75,000
Valid Reports 138
Hackers Participating 371
First Report 5 minutes
Bounties Paid $100,000
Valid Reports 118
First Report 1 minute
1. with 30 from outside U.S. 2. ($130,000+ $103,883) 3. (207 + 106)
The U.S. Department
of Defense Uses HackerOne
U.S. DEPARTMENT OF DEFENSE
HackerOne Response | Launched November 2016
After Hack the Pentagon, the DoD noticed bugs were
still being submitted, so they launched an
open-ended Vulnerability Disclosure Policy.
Hackers Participating 650+
Vulnerabilities Reported 3,000+
And These Global Government Agencies
Use HackerOne, Too
HackerOne Bounty | December 2017
The European Commission’s first ever bounty program,
designed to protect critical EU software in the aftermath of
the Heartbleed incident. Read more
HackerOne Challenge | January-February 2018
Singapore’s first crowd-sourced security initiative and the
first program of its kind by a government agency in Asia.
HackerOne Bounty | August 2017
The first-ever bug bounty program for a civilian federal
agency in the U.S. Read more
EU-Free and Open Source Software
Auditing (EU-FOSSA) Project
Singapore Ministry of Defence
(MINDEF) Bug Bounty Challenge
General Service Administration’s
Technology Transformation Service
Put a vulnerability disclosure policy (VDP) in place with HackerOne Response.
Check out HackerOne’s “VDP Basics”, a complete guide for crafting an effective vulnerability
disclosure policy. Or, learn more about HackerOne Response, a turnkey solution to help
organizations receive, respond to, and resolve security vulnerabilities discovered
Try a crowd-sourced penetration test with HackerOne Challenge.
HackerOne Challenge provides a private, turnkey program with a focused scope and a finite
length. It’s an easy way to dip a toe into hacker-powered security, and it’s cost-effective: hackers
are paid for valid results, not man-hours. That means hackers are incentivized to find the issues
with the biggest impact, which directly correlates to the most value to you and to them.
Start a continuous bug bounty program with HackerOne Bounty.
HackerOne Bounty enables agencies and organizations to leverage the power of the global hacker
community along with the expert services of HackerOne. Using internal resources, HackerOne’s
professional services team, or a combination of both, a continuous bug bounty program quickly
scales and expands the reach of every security team.
For Governments Getting Started is as Easy as 1-2-3
Get started by downloading an ebook
version of this presentation.
DOWNLOAD FREE EBOOK EMAIL US
Learn Why More Governments Choose HackerOne
Or, jump right in and talk with a
HackerOne representative today.