Defense Digital Service Announced the Launch of DDS’s 11th Bug Bounty Program with HackerOne

The Defense Digital Service (DDS) and HackerOne today announced the launch of DDS's 11th bug bounty program with HackerOne and the third with the U.S. Department of the Army. Hack the Army 3.0 is a time-bound, hacker-powered security test aimed at surfacing vulnerabilities so they can be resolved before they are exploited by adversaries. The bug bounty program is open to both military and civilian participants and will run from January 6, 2021 through February 17, 2021.

Bug bounty programs, like Hack the Army 3.0, incentivize security research and the reporting of real-world security vulnerabilities in exchange for monetary rewards for qualified vulnerabilities and participants. These programs are an industry best practice used by the most mature organizations across the world. By disclosing vulnerabilities to security teams, civilian and military hackers will help the U.S. Army secure digital assets and defend against cyberattacks. Hack the Army is one example of the Army and DoD's willingness to pursue innovative and nontraditional approaches to ensure the capability and security of people, organizations, and information.

"Bug bounty programs are a unique and effective 'force multiplier' for safeguarding critical Army networks, systems and data, and build on the efforts of our Army and DoD security professionals," said Brig. Gen. Adam C. Volant, U.S. Army Cyber Command Director of Operations. "By 'crowdsourcing' solutions with the help of the world's best military and civilian ethical hackers, we complement our existing security measures and provide an additional means to identify and fix vulnerabilities. Hack the Army 3.0 builds upon the successes and lessons of our prior bug bounty programs."

“We are proud of our continued partnership with the Army to challenge the status quo in strengthening the security of military systems and shifting government culture by engaging ethical hackers to address vulnerabilities,” says Brett Goldstein, Director, Defense Digital Service. “We’re calling on civilian and military hackers to show us what they’ve got in this bug bounty and to help train the future force.”

Participation in the Hack the Army 3.0 bug bounty challenge is open by invitation only to civilian hackers and active U.S. military members. Bug bounties may be offered to civilian hackers for valid security vulnerabilities according to the program policy. Military and contractor personnel are not eligible to receive financial rewards.

“We are living in a different world today than even just a year ago,” said Marten Mickos, CEO of HackerOne. “Amidst disinformation and a global health crisis, citizens are increasingly wary of how, when, and where their information is used. For years, the U.S. Department of Defense and respective military branches have successfully strengthened their cybersecurity posture and protected precious data by enlisting the help of ethical hackers on HackerOne. Years later, hacker-powered security is not only a best practice in the US military, but it is now a mandated requirement among civilian federal agencies. There is only one way to secure our connected society, together, and the U.S. Army is leading the charge with this latest challenge.”

DDS has been a pioneer in hacker-powered security testing since the launch of "Hack the Pentagon" in 2016. DDS's Hack the Pentagon team has executed 14 public bounties on external-facing websites and applications, and ten private bounties on a range of sensitive, internal systems in the U.S. Department of Defense (DoD). Examples of past private bounties include logistics systems, physical hardware, and personnel systems.

In partnership with DDS, HackerOne has launched more federal programs than any other hacker-powered security provider and is the only bug bounty platform that is FedRAMP authorized. Previous bug bounty challenges and results include: Hack the Pentagon, Hack the Army, Hack the Air Force, Hack the Air Force 2.0, Hack the Defense Travel System, Hack the Army 2.0, Hack the Air Force 3.0, Hack the Air Force 4.0, Hack the Proxy and Hack the Marine Corps. DDS also launched a Vulnerability Disclosure Program (VDP) for the DoD in 2016, which is now one of the most successful programs of its kind with hackers reporting over 20,000 security vulnerabilities to date. Hackers who become aware of any vulnerabilities can safely disclose them to the DoD at any time through this ongoing VDP with HackerOne.

About HackerOne

HackerOne empowers the world to build a safer internet. As the world’s most trusted hacker-powered security platform, HackerOne gives organizations access to the largest community of hackers on the planet. Armed with the most robust database of vulnerability trends and industry benchmarks, the hacker community mitigates cyber risk by searching, finding, and safely reporting real-world security weaknesses for organizations across all industries and attack surfaces. Customers include The U.S. Department of Defense, Dropbox, General Motors, GitHub, Goldman Sachs, Google, Hyatt, Intel, Lufthansa, Microsoft, MINDEF Singapore, Nintendo, PayPal, Slack, Starbucks, Twitter, and Verizon Media. HackerOne was ranked fifth on the Fast Company World’s Most Innovative Companies list for 2020. Headquartered in San Francisco, HackerOne has a presence in London, New York, the Netherlands, France, Singapore, and over 70 other locations across the globe.

About Defense Digital Service

The Defense Digital Service was established by the U.S. Secretary of Defense in November 2015 as a SWAT team of nerds that provides the best in modern technical knowledge designed to bolster national defense. We are primarily based in the Pentagon, but we also have satellite offices in Augusta, Georgia and co-located at the Defense Innovation Unit in Mountain View, California. Our range of talent includes world-class software developers, designers, product managers, digital experts and bureaucracy hackers from both the private sector and within government.
