Friday, January 27, 2023
  • Chainguard Unveils Memory-Safe Linux Distribution
  • ‘Hive’ Russian Ransomware Gang Shut Down by FBI, DoJ, Europol, Bundeskriminalamt, et al
  • The Top 8 Phishlabs Competitors for 2023
  • Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnarav – ‘#226 – Black, White and Gray’
  • Love Is in the Air — And So Are API Threats

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • Techstrong.tv Video Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Container Journal
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv Video Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About Us
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
SBN News Security Bloggers Network 

Home » Cybersecurity » SBN News » Dozens of Vulnerabilities Found Under Hack the DTS Bug Bounty Program

SBN

Dozens of Vulnerabilities Found Under Hack the DTS Bug Bounty Program

by David Bisson on May 31, 2018

The Hack the DTS bug bounty program uncovered dozens of vulnerabilities in the Defense Travel System serving the Department of Defense.

TechStrong Con 2023Sponsorships Available

On 30 May, vulnerability coordination platform HackerOne revealed the results of Hack the DTS. Nineteen trusted security researchers participated in the 29-day program and submitted 100 vulnerability reports over the course of the exercise. Their findings uncovered 65 unique security weaknesses in the Defense Travel System, which facilitates the travel requirements of the U.S. Department of Defense (DoD). Nearly half (28 bugs) contained a high or critical severity warning.

For helping to make the DTS more secure, the researchers received $78,650 in reward money.

Hack the DTS proceeded under the auspices of Hack the Pentagon, one of the 10 essential bug bounty programs of 2017. The Department of Defense partnered with HackerOne to run the pilot of Hack the Pentagon in the spring of 2016. After the success of the program, DoD officials announced it would expand its contract with HackerOne to other departments. Hack the Army was the first of these initiatives, with Hack the DTS following approximately two years later..

Reina Staley, chief of staff and Hack the Pentagon program manager at Defense Digital Service, said she’s happy with the results of the Hack the DTS program. As quoted by BusinessWire:

Securing sensitive information for millions of government employees and contractors is no easy task. No system is infallible, and this assessment was the first time we employed a crowd-sourced approach to improve the security aspect of DTS. We’d like to thank the participating hackers for contributing their time to help us safeguard sensitive information.

Staley shared additional thoughts about working with white hat hackers in the video posted below.

The success of Hack the DTS underscores the value of bug bounty programs. It (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/government/dozens-of-vulnerabilities-found-under-hack-the-dts-bug-bounty-program/

May 31, 2018May 31, 2018 David Bisson bug bounty, government, Latest Security News, vulnerability
  • ← Channel Insider Interview: Driving Partner Profitability with a Gemalto Partnership
  • Rewriting History: A Brief Introduction to Long Range Attacks →

Techstrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows
TSTV Podcast

Subscribe to our Newsletters

Most Read on the Boulevard

Orgs Must Prepare for SEC Cybersecurity Requirements Aimed at Boards
US No-Fly List Leaked via Airline Dev Server by @_nyancrimew
Russia-Linked Attackers Target US Nuclear Research Facilities
What is PSaaS and is it Worthwhile?
The Security Challenges of API Sprawl
Massive Tech Layoffs Continue to Increase Insider Risks for Enterprises
What Are Open Source Kubernetes Policy Engines? Why You Need One & How to Pick
Why do Hackers Steal? 5 Motives Behind Data Breaches | Eureka Security
Identity Verification for Neo Banking: Ensuring Security and Compliance
Multi-factor Authentication

Upcoming Webinars

Tue 31

Moving Beyond SBOMs to Secure the Software Supply Chain

January 31 @ 11:00 am - 12:00 pm
Tue 31

Live-Hacking Container Workloads on AWS

January 31 @ 1:00 pm - 2:00 pm
Feb 01

Achieving DevSecOps: Reducing AppSec Noise at Scale

February 1 @ 1:00 pm - 2:00 pm
Feb 13

AI in Machine Learning

February 13 @ 1:00 pm - 2:00 pm
Feb 15

Understanding Cyber Insurance Identity Security Requirements for 2023

February 15 @ 11:00 am - 12:00 pm
Feb 15

Where Will DevSecOps ‘Shift’ Next?

February 15 @ 1:00 pm - 2:00 pm
Feb 21

Headwinds, Crosswinds and Tailwinds: Securing the Cloud in Turbulent Times

February 21 @ 1:00 pm - 2:00 pm
Feb 22

Best Practices to Secure Your Software Supply Chain

February 22 @ 1:00 pm - 2:00 pm
Feb 28

SaaS-Based Container Networking and Security on Amazon EKS

February 28 @ 11:00 am - 12:00 pm

More Webinars

Download Free eBook

Managing the AppSec Toolstack

Industry Spotlight

US No-Fly List Leaked via Airline Dev Server by @_nyancrimew
Analytics & Intelligence API Security Application Security Cloud Security Cyberlaw Cybersecurity Data Security DevOps Editorial Calendar Featured Governance, Risk & Compliance Humor Identity & Access Incident Response Industry Spotlight Most Read This Week Network Security News Popular Post Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

US No-Fly List Leaked via Airline Dev Server by @_nyancrimew

January 23, 2023 Richi Jennings | 4 days ago 0
T-Mobile’s SIXTH Breach in 5 years: 37M Users’ PII Leaks
Analytics & Intelligence API Security Careers Cloud Security Cyberlaw Cybersecurity Data Security DevOps Editorial Calendar Featured Governance, Risk & Compliance Humor Identity & Access Incident Response Industry Spotlight Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

T-Mobile’s SIXTH Breach in 5 years: 37M Users’ PII Leaks

January 20, 2023 Richi Jennings | Jan 20 0
APIs in Vehicle Software Vulnerable to Attacks
API Security Application Security Cybersecurity Data Security Featured Industry Spotlight Malware Security Boulevard (Original) Threat Intelligence Vulnerabilities 

APIs in Vehicle Software Vulnerable to Attacks

January 18, 2023 Sue Poremba | Jan 18 0

Top Stories

Chainguard Unveils Memory-Safe Linux Distribution
Application Security Cybersecurity Featured Mobile Security Network Security News Security Awareness Security Boulevard (Original) Spotlight 

Chainguard Unveils Memory-Safe Linux Distribution

January 27, 2023 Michael Vizard | 3 hours ago 0
‘Hive’ Russian Ransomware Gang Shut Down by FBI, DoJ, Europol, Bundeskriminalamt, et al
Analytics & Intelligence Application Security Cloud Security Cyberlaw Cybersecurity Data Security Endpoint Featured Governance, Risk & Compliance Humor Identity & Access Incident Response Malware Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

‘Hive’ Russian Ransomware Gang Shut Down by FBI, DoJ, Europol, Bundeskriminalamt, et al

January 27, 2023 Richi Jennings | 4 hours ago 0
More Details of LastPass Breach: Hackers Used Stolen Encryption Key
Analytics & Intelligence Cloud Security Cybersecurity Data Security Featured Governance, Risk & Compliance Identity & Access Incident Response News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

More Details of LastPass Breach: Hackers Used Stolen Encryption Key

January 27, 2023 Teri Robinson | 9 hours ago 0

Security Humor

‘Hive’ Russian Ransomware Gang Shut Down by FBI, DoJ, Europol, Bundeskriminalamt, et al

‘Hive’ Russian Ransomware Gang Shut Down by FBI, DoJ, Europol, Bundeskriminalamt, et al

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Container Journal
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2023 Techstrong Group Inc. All rights reserved.