Pentagon uses crowd to plug security gaps

By Dylan Bushell-Embling
Thursday, 16 February, 2017

A team of around 80 ethical hackers have uncovered critical vulnerabilities in the US Department of Defense’s critical systems as part of the ongoing Hack the Pentagon program.

The hackers, vetted and led by crowdsourced penetration testing and bug bounty company Synack, carried out vulnerability testing on a simulated version of the mechanism Defense uses to send sensitive emails, documents and images between networks.

In a blog post, Synack co-founder and CTO Mark Kuhr said that within a matter of hours of commencing work on the project, the team was uncovering and reporting critical vulnerabilities.

The exercise forms part of a three-year, $4 million contract awarded to Synack by Defense in September last year to carry out bug bounty tracking across the Pentagon. The team consisted of security researchers from the US, as well as Australia, Canada and the UK.

“When Jay [Kaplan, co-founder of Synack] and I were at the NSA, we saw firsthand that adversaries were swimming through our networks with ease. In many cases, they used known vulnerabilities as their points of entry, but in others they leveraged common vulnerabilities that should have been discovered by a testing team,” Kuhr wrote.

“Traditional solutions leave undiscovered vulnerabilities on the table. We knew that if we united a crowd of talented security researchers, and enabled them with proprietary vulnerability intelligence technology, we could provide an adversarial perspective on a system’s security that would uncover those ‘unknown’ vulnerabilities.”

He said the project highlights growing awareness of the value of crowdsourcing for finding and addressing vulnerabilities.

“With even the most sophisticated security organisations like the Pentagon realising the value of crowd security intelligence, we know that we are on the brink of disruption,” Kuhr said. “We cannot wait to see what comes next.”

Image courtesy of gregwest98 under CC
