SlideShare une entreprise Scribd logo

Distributed Defense: How Governments Deploy Hacker-Powered Security

HackerOne
HackerOne

Many of the most secretive and conservative organizations in the world are reaping the benefits of working with the independent security research community with the help of HackerOne. The U.S. Department of Defense runs an ongoing Vulnerability Disclosure Program through HackerOne Response. The Pentagon, The U.S. Army, and The U.S. Air Force have collectively paid hackers over $400K for their efforts in securing mission-critical assets with a collection of HackerOne Challenges. The European Commission recently selected HackerOne as the platform for their first ever bug bounty program with a HackerOne Challenge on the VLC software. The U.S. General Service Administration’s Technology Transformation Service (TTS, aka 18F) launched the first bug bounty program run by a civilian federal agency with HackerOne Bounty. Singapore's Ministry of Defence (MINDEF) ran an immensely successful HackerOne Challenge. Review this slideshare and download the full report to see: How government organizations like EU Commission, Singapore MINDEF, The Pentagon, and more are reaping the benefits of hacker-powered security Statistical successes of each program and testimonials from those running these programs The varied strategies employed to “crawl, walk, and then run” with hacker-powered programs. https://info.hacker.one/trusted-by-governments-around-the-globe/

Internet
1  sur  11
Télécharger pour lire hors ligne
Distributed Defense: How Governments Deploy Hacker-Powered Security More and more public sector agencies are recommending, mandating, and using ethical hackers as a secret weapon in their approach to cybersecurity.
Government Agencies Have Long Recommended Hacker-Powered Security “All companies should consider promulgating a vulnerability disclosure policy…” ROD J. ROSENSTEIN, Deputy Attorney General, U.S. Department of Justice “Companies should communicate and coordinate with the security research community...” FEDERAL TRADE COMMISSION “Engage with researchers and the hacker community in the reporting of vulnerabilities…” MANIFESTO ON COORDINATED VULNERABILITY DISCLOSURE, Global Forum on Cyber Expertise “Manufacturers should also adopt a coordinated vulnerability disclosure policy…” U.S. FOOD AND DRUG ADMINISTRATION, Postmarket Management of Cybersecurity in Medical Devices See More Quotes Here
Now, They are Using it to Enhance Their Own Security The European Commission recently selected HackerOne as the platform for their first-ever bug bounty program. The U.S. Department of Defense (DoD) has used HackerOne Challenges at the Pentagon, the Army, the Air Force, and more. Singapore's Ministry of Defence (MINDEF) engaged HackerOne for the first crowd-sourced security initiative run by a government in Asia.
Hacker-Powered Security Helps Governments Accelerate Their Security Efforts Governments aren’t known for their speed, but using hacker-powered security lets them move faster than ever before to quickly improve their security posture. The first-ever bug bounty challenge at the U.S. Department of Defense had more than 250 vetted hackers identify 138 validated bugs in just 24 days! Singapore’s Ministry of Defense used vetted hackers to identify 35 unique bugs and earn $14,750 in just 3 weeks! “The success of the program helped us boost our cybersecurity in a matter of weeks.” DAVID KOH, Deputy Secretary (Special Projects) and Defence Cyber Chief, Singapore’s Ministry of Defence
Here’s How Fast Hacker-Powered Security is for the DoD “The return on investment is incredible, both in terms of cost and in terms of making government assets more secure.” HUNTER PRICE, Director of Air Force Digital Service The U.S. DoD’s second challenge, Hack the Army, had 370 hackers report more than 400 bugs and earn over $100,000 in 3 weeks. The very first report was submitted within just 5 minutes! Hack the Air Force was next, with two separate challenges identifying more than 300 bugs in under two months. The very first report was submitted just 1 minute after the challenge opened!
Hacker-Powered Security Saves Taxpayer Money “If we had gone through the normal process of hiring an outside firm to do a security audit and vulnerability assessment, which is what we usually do, it would have cost us more than $1 million.” ASH CARTER, U.S. Secretary of Defense at the time of the program Hacker-powered security enables governments to utilize modern and cost effective security efforts. It’s a proven approach to improving the security posture of any agency or organization. Here’s the math: Estimated Cost of Their “Normal” Security Audit and Vulnerability Assessment Process: $1,000,000 Amount Paid by DoD in 1 HackerOne Challenge: − $150,000 TAXPAYER MONEY SAVED: $850,000
These U.S. Military Agencies Trust HackerOne Hack The Pentagon | HackerOne Challenge | April-May 2016 The U.S. Department of Defense made the move into hacker-powered security with the first bug bounty program for the federal government. Read more Hack The Army | HackerOne Challenge | November-December 2016 Building on the Pentagon’s success, this program targeted operationally significant websites including those mission critical to recruiting. Read more Hack the Air Force | HackerOne Challenge | May-June 2017 & December 2017 - January 2018 Expanded the Pentagon’s hacker-powered initiatives to include non-U.S. participants and an increased bounty budget. Read more Hackers Registered 1,400+ First Report 13 minutes Bounties Paid $75,000 Valid Reports 138 Hackers Participating 371 First Report 5 minutes Bounties Paid $100,000 Valid Reports 118 Hackers Participants1 275+ First Report 1 minute Bounties Paid2 $233,883 Valid Reports3 313 1. with 30 from outside U.S. 2. ($130,000+ $103,883) 3. (207 + 106)
The U.S. Department of Defense Uses HackerOne U.S. DEPARTMENT OF DEFENSE HackerOne Response | Launched November 2016 After Hack the Pentagon, the DoD noticed bugs were still being submitted, so they launched an open-ended Vulnerability Disclosure Policy. Read more Hackers Participating 650+ Vulnerabilities Reported 3,000+
And These Global Government Agencies Use HackerOne, Too HackerOne Bounty | December 2017 The European Commission’s first ever bounty program, designed to protect critical EU software in the aftermath of the Heartbleed incident. Read more HackerOne Challenge | January-February 2018 Singapore’s first crowd-sourced security initiative and the first program of its kind by a government agency in Asia. Read more HackerOne Bounty | August 2017 The first-ever bug bounty program for a civilian federal agency in the U.S. Read more EU-Free and Open Source Software Auditing (EU-FOSSA) Project Singapore Ministry of Defence (MINDEF) Bug Bounty Challenge General Service Administration’s Technology Transformation Service
1 Put a vulnerability disclosure policy (VDP) in place with HackerOne Response. Check out HackerOne’s “VDP Basics”, a complete guide for crafting an effective vulnerability disclosure policy. Or, learn more about HackerOne Response, a turnkey solution to help organizations receive, respond to, and resolve security vulnerabilities discovered by third-parties. 2 Try a crowd-sourced penetration test with HackerOne Challenge. HackerOne Challenge provides a private, turnkey program with a focused scope and a finite length. It’s an easy way to dip a toe into hacker-powered security, and it’s cost-effective: hackers are paid for valid results, not man-hours. That means hackers are incentivized to find the issues with the biggest impact, which directly correlates to the most value to you and to them. 3 Start a continuous bug bounty program with HackerOne Bounty. HackerOne Bounty enables agencies and organizations to leverage the power of the global hacker community along with the expert services of HackerOne. Using internal resources, HackerOne’s professional services team, or a combination of both, a continuous bug bounty program quickly scales and expands the reach of every security team. For Governments Getting Started is as Easy as 1-2-3
Get started by downloading an ebook version of this presentation. DOWNLOAD FREE EBOOK EMAIL US Learn Why More Governments Choose HackerOne Or, jump right in and talk with a HackerOne representative today.

Recommandé

Top 20 Public Bug Bounty Programs
Top 20 Public Bug Bounty ProgramsTop 20 Public Bug Bounty Programs
Top 20 Public Bug Bounty ProgramsHackerOne
 
118 Hacker-Powered Facts From The 2018 Hacker-Powered Security Report
118 Hacker-Powered Facts From The 2018 Hacker-Powered Security Report118 Hacker-Powered Facts From The 2018 Hacker-Powered Security Report
118 Hacker-Powered Facts From The 2018 Hacker-Powered Security ReportHackerOne
 
Federal Trade Commission's Start With Security Guide
Federal Trade Commission's Start With Security GuideFederal Trade Commission's Start With Security Guide
Federal Trade Commission's Start With Security GuideHackerOne
 
Understanding Information Security Assessment Types
Understanding Information Security Assessment TypesUnderstanding Information Security Assessment Types
Understanding Information Security Assessment TypesHackerOne
 
Everything you Need to Know about The Data Protection Officer Role
Everything you Need to Know about The Data Protection Officer Role Everything you Need to Know about The Data Protection Officer Role
Everything you Need to Know about The Data Protection Officer Role HackerOne
 
The 2018 Hacker Report: Insights on the hacker mindset, who they are, and the...
The 2018 Hacker Report: Insights on the hacker mindset, who they are, and the...The 2018 Hacker Report: Insights on the hacker mindset, who they are, and the...
The 2018 Hacker Report: Insights on the hacker mindset, who they are, and the...HackerOne
 
OWASP Top 10 - 2017
OWASP Top 10 - 2017OWASP Top 10 - 2017
OWASP Top 10 - 2017HackerOne
 
9 Top Bug Bounty Programs
9 Top Bug Bounty Programs9 Top Bug Bounty Programs
9 Top Bug Bounty ProgramsHackerOne
 

Recommandé

Top 20 Public Bug Bounty Programs
Top 20 Public Bug Bounty ProgramsTop 20 Public Bug Bounty Programs
Top 20 Public Bug Bounty ProgramsHackerOne
 
118 Hacker-Powered Facts From The 2018 Hacker-Powered Security Report
118 Hacker-Powered Facts From The 2018 Hacker-Powered Security Report118 Hacker-Powered Facts From The 2018 Hacker-Powered Security Report
118 Hacker-Powered Facts From The 2018 Hacker-Powered Security ReportHackerOne
 
Federal Trade Commission's Start With Security Guide
Federal Trade Commission's Start With Security GuideFederal Trade Commission's Start With Security Guide
Federal Trade Commission's Start With Security GuideHackerOne
 
Understanding Information Security Assessment Types
Understanding Information Security Assessment TypesUnderstanding Information Security Assessment Types
Understanding Information Security Assessment TypesHackerOne
 
Everything you Need to Know about The Data Protection Officer Role
Everything you Need to Know about The Data Protection Officer Role Everything you Need to Know about The Data Protection Officer Role
Everything you Need to Know about The Data Protection Officer Role HackerOne
 
The 2018 Hacker Report: Insights on the hacker mindset, who they are, and the...
The 2018 Hacker Report: Insights on the hacker mindset, who they are, and the...The 2018 Hacker Report: Insights on the hacker mindset, who they are, and the...
The 2018 Hacker Report: Insights on the hacker mindset, who they are, and the...HackerOne
 
OWASP Top 10 - 2017
OWASP Top 10 - 2017OWASP Top 10 - 2017
OWASP Top 10 - 2017HackerOne
 
9 Top Bug Bounty Programs
9 Top Bug Bounty Programs9 Top Bug Bounty Programs
9 Top Bug Bounty ProgramsHackerOne
 
Voices of Vulnerability Disclosure Policy
Voices of Vulnerability Disclosure PolicyVoices of Vulnerability Disclosure Policy
Voices of Vulnerability Disclosure PolicyHackerOne
 
GDPR Guide: The ICO's 12 Recommended Steps To Take Now
GDPR Guide: The ICO's 12 Recommended Steps To Take NowGDPR Guide: The ICO's 12 Recommended Steps To Take Now
GDPR Guide: The ICO's 12 Recommended Steps To Take NowHackerOne
 
Why Executives Underinvest In Cybersecurity
Why Executives Underinvest In CybersecurityWhy Executives Underinvest In Cybersecurity
Why Executives Underinvest In CybersecurityHackerOne
 
Bug Bounties and The Path to Secure Software by 451 Research
Bug Bounties and The Path to Secure Software by 451 ResearchBug Bounties and The Path to Secure Software by 451 Research
Bug Bounties and The Path to Secure Software by 451 ResearchHackerOne
 
Bug Bounty Basics
Bug Bounty BasicsBug Bounty Basics
Bug Bounty BasicsHackerOne
 
An Invitation to Hack: Wiley Rein and HackerOne Webinar on Vulnerability Disc...
An Invitation to Hack: Wiley Rein and HackerOne Webinar on Vulnerability Disc...An Invitation to Hack: Wiley Rein and HackerOne Webinar on Vulnerability Disc...
An Invitation to Hack: Wiley Rein and HackerOne Webinar on Vulnerability Disc...HackerOne
 
How GitLab and HackerOne help organizations innovate faster without compromis...
How GitLab and HackerOne help organizations innovate faster without compromis...How GitLab and HackerOne help organizations innovate faster without compromis...
How GitLab and HackerOne help organizations innovate faster without compromis...HackerOne
 
HackerOne Presents in China - COO Ning Wang
HackerOne Presents in China - COO Ning WangHackerOne Presents in China - COO Ning Wang
HackerOne Presents in China - COO Ning WangHackerOne
 
Tapping Hackers for Continuous Security: That's Hacker-Powered Security
Tapping Hackers for Continuous Security: That's Hacker-Powered SecurityTapping Hackers for Continuous Security: That's Hacker-Powered Security
Tapping Hackers for Continuous Security: That's Hacker-Powered SecurityHackerOne
 
Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...
Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...
Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...HackerOne
 
Meet the hackers powering the world's best bug bounty programs
Meet the hackers powering the world's best bug bounty programsMeet the hackers powering the world's best bug bounty programs
Meet the hackers powering the world's best bug bounty programsHackerOne
 
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查ydyuyu
 
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...kajalverma014
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查ydyuyu
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdfMatthew Sinclair
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样ayvbos
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样ayvbos
 
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...gajnagarg
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsMonica Sydney
 
75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptxAsmae Rabhi
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查ydyuyu
 
Microsoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftMicrosoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftAanSulistiyo
 

Contenu connexe

Plus de HackerOne

Voices of Vulnerability Disclosure Policy
Voices of Vulnerability Disclosure PolicyVoices of Vulnerability Disclosure Policy
Voices of Vulnerability Disclosure PolicyHackerOne
 
GDPR Guide: The ICO's 12 Recommended Steps To Take Now
GDPR Guide: The ICO's 12 Recommended Steps To Take NowGDPR Guide: The ICO's 12 Recommended Steps To Take Now
GDPR Guide: The ICO's 12 Recommended Steps To Take NowHackerOne
 
Why Executives Underinvest In Cybersecurity
Why Executives Underinvest In CybersecurityWhy Executives Underinvest In Cybersecurity
Why Executives Underinvest In CybersecurityHackerOne
 
Bug Bounties and The Path to Secure Software by 451 Research
Bug Bounties and The Path to Secure Software by 451 ResearchBug Bounties and The Path to Secure Software by 451 Research
Bug Bounties and The Path to Secure Software by 451 ResearchHackerOne
 
Bug Bounty Basics
Bug Bounty BasicsBug Bounty Basics
Bug Bounty BasicsHackerOne
 
An Invitation to Hack: Wiley Rein and HackerOne Webinar on Vulnerability Disc...
An Invitation to Hack: Wiley Rein and HackerOne Webinar on Vulnerability Disc...An Invitation to Hack: Wiley Rein and HackerOne Webinar on Vulnerability Disc...
An Invitation to Hack: Wiley Rein and HackerOne Webinar on Vulnerability Disc...HackerOne
 
How GitLab and HackerOne help organizations innovate faster without compromis...
How GitLab and HackerOne help organizations innovate faster without compromis...How GitLab and HackerOne help organizations innovate faster without compromis...
How GitLab and HackerOne help organizations innovate faster without compromis...HackerOne
 
HackerOne Presents in China - COO Ning Wang
HackerOne Presents in China - COO Ning WangHackerOne Presents in China - COO Ning Wang
HackerOne Presents in China - COO Ning WangHackerOne
 
Tapping Hackers for Continuous Security: That's Hacker-Powered Security
Tapping Hackers for Continuous Security: That's Hacker-Powered SecurityTapping Hackers for Continuous Security: That's Hacker-Powered Security
Tapping Hackers for Continuous Security: That's Hacker-Powered SecurityHackerOne
 
Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...
Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...
Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...HackerOne
 
Meet the hackers powering the world's best bug bounty programs
Meet the hackers powering the world's best bug bounty programsMeet the hackers powering the world's best bug bounty programs
Meet the hackers powering the world's best bug bounty programsHackerOne
 

Plus de HackerOne (11)

Voices of Vulnerability Disclosure Policy
Voices of Vulnerability Disclosure PolicyVoices of Vulnerability Disclosure Policy
Voices of Vulnerability Disclosure Policy
 
GDPR Guide: The ICO's 12 Recommended Steps To Take Now
GDPR Guide: The ICO's 12 Recommended Steps To Take NowGDPR Guide: The ICO's 12 Recommended Steps To Take Now
GDPR Guide: The ICO's 12 Recommended Steps To Take Now
 
Why Executives Underinvest In Cybersecurity
Why Executives Underinvest In CybersecurityWhy Executives Underinvest In Cybersecurity
Why Executives Underinvest In Cybersecurity
 
Bug Bounties and The Path to Secure Software by 451 Research
Bug Bounties and The Path to Secure Software by 451 ResearchBug Bounties and The Path to Secure Software by 451 Research
Bug Bounties and The Path to Secure Software by 451 Research
 
Bug Bounty Basics
Bug Bounty BasicsBug Bounty Basics
Bug Bounty Basics
 
An Invitation to Hack: Wiley Rein and HackerOne Webinar on Vulnerability Disc...
An Invitation to Hack: Wiley Rein and HackerOne Webinar on Vulnerability Disc...An Invitation to Hack: Wiley Rein and HackerOne Webinar on Vulnerability Disc...
An Invitation to Hack: Wiley Rein and HackerOne Webinar on Vulnerability Disc...
 
How GitLab and HackerOne help organizations innovate faster without compromis...
How GitLab and HackerOne help organizations innovate faster without compromis...How GitLab and HackerOne help organizations innovate faster without compromis...
How GitLab and HackerOne help organizations innovate faster without compromis...
 
HackerOne Presents in China - COO Ning Wang
HackerOne Presents in China - COO Ning WangHackerOne Presents in China - COO Ning Wang
HackerOne Presents in China - COO Ning Wang
 
Tapping Hackers for Continuous Security: That's Hacker-Powered Security
Tapping Hackers for Continuous Security: That's Hacker-Powered SecurityTapping Hackers for Continuous Security: That's Hacker-Powered Security
Tapping Hackers for Continuous Security: That's Hacker-Powered Security
 
Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...
Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...
Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...
 
Meet the hackers powering the world's best bug bounty programs
Meet the hackers powering the world's best bug bounty programsMeet the hackers powering the world's best bug bounty programs
Meet the hackers powering the world's best bug bounty programs
 

Dernier

原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查ydyuyu
 
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...kajalverma014
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查ydyuyu
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdfMatthew Sinclair
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样ayvbos
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样ayvbos
 
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...gajnagarg
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsMonica Sydney
 
75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptxAsmae Rabhi
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查ydyuyu
 
Microsoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftMicrosoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftAanSulistiyo
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoilmeghakumariji156
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"growthgrids
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirtrahman018755
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdfMatthew Sinclair
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsMonica Sydney
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdfMatthew Sinclair
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrHenryBriggs2
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsMonica Sydney
 
PowerDirector Explination Process...pptx
PowerDirector Explination Process...pptxPowerDirector Explination Process...pptx
PowerDirector Explination Process...pptxgalaxypingy
 

Dernier (20)

原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
 
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
 
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
 
75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
 
Microsoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftMicrosoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck Microsoft
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
 
PowerDirector Explination Process...pptx
PowerDirector Explination Process...pptxPowerDirector Explination Process...pptx
PowerDirector Explination Process...pptx
 

Distributed Defense: How Governments Deploy Hacker-Powered Security

  • 1. Distributed Defense: How Governments Deploy Hacker-Powered Security More and more public sector agencies are recommending, mandating, and using ethical hackers as a secret weapon in their approach to cybersecurity.
  • 2. Government Agencies Have Long Recommended Hacker-Powered Security “All companies should consider promulgating a vulnerability disclosure policy…” ROD J. ROSENSTEIN, Deputy Attorney General, U.S. Department of Justice “Companies should communicate and coordinate with the security research community...” FEDERAL TRADE COMMISSION “Engage with researchers and the hacker community in the reporting of vulnerabilities…” MANIFESTO ON COORDINATED VULNERABILITY DISCLOSURE, Global Forum on Cyber Expertise “Manufacturers should also adopt a coordinated vulnerability disclosure policy…” U.S. FOOD AND DRUG ADMINISTRATION, Postmarket Management of Cybersecurity in Medical Devices See More Quotes Here
  • 3. Now, They are Using it to Enhance Their Own Security The European Commission recently selected HackerOne as the platform for their first-ever bug bounty program. The U.S. Department of Defense (DoD) has used HackerOne Challenges at the Pentagon, the Army, the Air Force, and more. Singapore's Ministry of Defence (MINDEF) engaged HackerOne for the first crowd-sourced security initiative run by a government in Asia.
  • 4. Hacker-Powered Security Helps Governments Accelerate Their Security Efforts Governments aren’t known for their speed, but using hacker-powered security lets them move faster than ever before to quickly improve their security posture. The first-ever bug bounty challenge at the U.S. Department of Defense had more than 250 vetted hackers identify 138 validated bugs in just 24 days! Singapore’s Ministry of Defense used vetted hackers to identify 35 unique bugs and earn $14,750 in just 3 weeks! “The success of the program helped us boost our cybersecurity in a matter of weeks.” DAVID KOH, Deputy Secretary (Special Projects) and Defence Cyber Chief, Singapore’s Ministry of Defence
  • 5. Here’s How Fast Hacker-Powered Security is for the DoD “The return on investment is incredible, both in terms of cost and in terms of making government assets more secure.” HUNTER PRICE, Director of Air Force Digital Service The U.S. DoD’s second challenge, Hack the Army, had 370 hackers report more than 400 bugs and earn over $100,000 in 3 weeks. The very first report was submitted within just 5 minutes! Hack the Air Force was next, with two separate challenges identifying more than 300 bugs in under two months. The very first report was submitted just 1 minute after the challenge opened!
  • 6. Hacker-Powered Security Saves Taxpayer Money “If we had gone through the normal process of hiring an outside firm to do a security audit and vulnerability assessment, which is what we usually do, it would have cost us more than $1 million.” ASH CARTER, U.S. Secretary of Defense at the time of the program Hacker-powered security enables governments to utilize modern and cost effective security efforts. It’s a proven approach to improving the security posture of any agency or organization. Here’s the math: Estimated Cost of Their “Normal” Security Audit and Vulnerability Assessment Process: $1,000,000 Amount Paid by DoD in 1 HackerOne Challenge: − $150,000 TAXPAYER MONEY SAVED: $850,000
  • 7. These U.S. Military Agencies Trust HackerOne Hack The Pentagon | HackerOne Challenge | April-May 2016 The U.S. Department of Defense made the move into hacker-powered security with the first bug bounty program for the federal government. Read more Hack The Army | HackerOne Challenge | November-December 2016 Building on the Pentagon’s success, this program targeted operationally significant websites including those mission critical to recruiting. Read more Hack the Air Force | HackerOne Challenge | May-June 2017 & December 2017 - January 2018 Expanded the Pentagon’s hacker-powered initiatives to include non-U.S. participants and an increased bounty budget. Read more Hackers Registered 1,400+ First Report 13 minutes Bounties Paid $75,000 Valid Reports 138 Hackers Participating 371 First Report 5 minutes Bounties Paid $100,000 Valid Reports 118 Hackers Participants1 275+ First Report 1 minute Bounties Paid2 $233,883 Valid Reports3 313 1. with 30 from outside U.S. 2. ($130,000+ $103,883) 3. (207 + 106)
  • 8. The U.S. Department of Defense Uses HackerOne U.S. DEPARTMENT OF DEFENSE HackerOne Response | Launched November 2016 After Hack the Pentagon, the DoD noticed bugs were still being submitted, so they launched an open-ended Vulnerability Disclosure Policy. Read more Hackers Participating 650+ Vulnerabilities Reported 3,000+
  • 9. And These Global Government Agencies Use HackerOne, Too HackerOne Bounty | December 2017 The European Commission’s first ever bounty program, designed to protect critical EU software in the aftermath of the Heartbleed incident. Read more HackerOne Challenge | January-February 2018 Singapore’s first crowd-sourced security initiative and the first program of its kind by a government agency in Asia. Read more HackerOne Bounty | August 2017 The first-ever bug bounty program for a civilian federal agency in the U.S. Read more EU-Free and Open Source Software Auditing (EU-FOSSA) Project Singapore Ministry of Defence (MINDEF) Bug Bounty Challenge General Service Administration’s Technology Transformation Service
  • 10. 1 Put a vulnerability disclosure policy (VDP) in place with HackerOne Response. Check out HackerOne’s “VDP Basics”, a complete guide for crafting an effective vulnerability disclosure policy. Or, learn more about HackerOne Response, a turnkey solution to help organizations receive, respond to, and resolve security vulnerabilities discovered by third-parties. 2 Try a crowd-sourced penetration test with HackerOne Challenge. HackerOne Challenge provides a private, turnkey program with a focused scope and a finite length. It’s an easy way to dip a toe into hacker-powered security, and it’s cost-effective: hackers are paid for valid results, not man-hours. That means hackers are incentivized to find the issues with the biggest impact, which directly correlates to the most value to you and to them. 3 Start a continuous bug bounty program with HackerOne Bounty. HackerOne Bounty enables agencies and organizations to leverage the power of the global hacker community along with the expert services of HackerOne. Using internal resources, HackerOne’s professional services team, or a combination of both, a continuous bug bounty program quickly scales and expands the reach of every security team. For Governments Getting Started is as Easy as 1-2-3
  • 11. Get started by downloading an ebook version of this presentation. DOWNLOAD FREE EBOOK EMAIL US Learn Why More Governments Choose HackerOne Or, jump right in and talk with a HackerOne representative today.