This guest blog post was contributed by the U.S. Department of Defense (DoD) Cyber Crime Center (DC3) public affairs team.
On Nov. 3, 2019 in the Pentagon Auditorium, the DoD Cyber Crime Center (DC3) Vulnerability Disclosure Program (VDP) was awarded the 2019 DoD Chief Information Officer (CIO) award for Cybersecurity.
The VDP is one of four team recipients of the annual award that recognizes accomplishments in areas such as cybersecurity, cloud computing, C3 modernization, Artificial Intelligence, or other areas of information technology modernization.
“We are truly honored to be selected amongst a very competitive pool of 135 nominees for the DoD CIO award for Cybersecurity,” said VDP director Kris Johnson. “I believe this demonstrates the importance of our program to protecting the DoD Information Network (DoDIN), how VDP should be added as another layer to a defense-in-depth strategy, and the awesome capability of the white-hat researcher community. The DoD VDP team would like to thank the researchers and our critical partnerships with the U.S. Cyber Command, Joint Task Force Headquarters-DoDIN (JFHQ-DoDIN) and the Defense Digital Service. VDP is a team sport, and we could not have achieved this level of success without them.”
U.S. Army photo by Mr. Leroy Council. The 2019 Department of Defense Chief Information Officer annual awards ceremony at Pentagon, Arlington, Va., Nov 4, 2019. Department of Defense Chief Information Officer, Mr. Dana S. Deasy, presents the 2019 Cybersecurity Team award to the Vulnerability Disclosure Program (VDP).
The VDP was established in November 2016, and DC3 was tasked as the DoD’s single focal point for crowd-sourced vulnerability reporting and interacting with private white hat cybersecurity researchers, popularly referred to as “ethical hackers.” It was the first government program of its kind following the success of the Hack the Pentagon bug bounty pilot that took place earlier in 2016.
Since then, VDP has processed more than 11,000 vulnerabilities discovered by researchers within DoD’s public facing websites, with nearly 70 percent confirmed as being genuine and requiring action by JFHQ-DoDIN to mitigate.
Executive Director Jeffrey Specht said, “The VDP Team can and should take tremendous pride in this well-deserved recognition. The VDP has an incredibly positive impact in protecting DoD-wide programs and equities. I am confident the positive impact of the VDP will only continue to grow in the months and years to come.”
DoD components nominate individuals and teams during DoD CIOs annual call for awards. Nominations are evaluated and scored by a DoD CIO Senior Executive Service panel against a set of criteria including mission impact, innovation, and management efficiencies.
“This award win would not have been possible without the help from the security researcher community,” said Johnson. “Their tireless efforts and contributions have helped boost our nation’s security and significantly reduce the risk of an incident.”
For more information about the Vulnerability Disclosure Program, go to https://www.dc3.mil/vulnerability-disclosure.
To learn more and to submit a vulnerability to the U.S. Department of Defense’s VDP, visit https://hackerone.com/deptofdefense.