CISA launches platform to let hackers report security bugs to US federal agencies

The Cybersecurity and Infrastructure Security Agency has launched a vulnerability disclosure program allowing ethical hackers to report security flaws to federal agencies.

The platform, launched with the help of cybersecurity companies Bugcrowd and Endyna, will allow civilian federal agencies to receive, triage and fix security vulnerabilities from the wider security community.

The move to launch the platform comes less than a year after the federal cybersecurity agency, better known as CISA, directed the civilian federal agencies that it oversees to develop and publish their own vulnerability disclosure policies. These policies are designed to set the rules of engagement for security researchers by outlining which online systems can be tested (and how), and which can’t be.

It’s not uncommon for private companies to run VDPs to allow hackers to report bugs, often in conjunction with a bug bounty to pay hackers for their work. Although the U.S. Department of Defense has for years warmed to hackers, the civilian federal government has been slow to adopt such programs.

Bugcrowd, which last year raised $30 million at Series D, said the platform will “give agencies access to the same commercial technologies, world-class expertise, and global community of helpful ethical hackers currently used to identify security gaps for enterprise businesses.” Bugcrowd founder Casey Ellis told TechCrunch that the directive is “another watershed moment for the role that hackers play as the Internet’s Immune System. Bugcrowd team is incredibly proud to partner with CISA/DHS on taking this initiative forward with the US government.”

The platform will also help CISA share information about security flaws between other agencies.

The platform launches after a bruising few months for government cybersecurity, including a Russian-led espionage campaign against at least nine U.S. federal government agencies by hacking software house SolarWinds, and a China-linked cyberattack that backdoored thousands of Microsoft Exchange servers, including in the federal government.
