DOD to Try Out Its Vulnerability Disclosure Program with Contractors

The Defense Department’s Cyber Crime Center will soon be accepting applications for a limited number of companies within the defense industrial base to benefit from security researchers already working for the department.

“If you're a small to medium sized DIB company and are interested in attending an industry day on Feb. 12th to learn how this free, DoD-provided capability will improve your #cyberhygiene please send an email to [email protected] for an invite,” the center recently wrote in a pair of tweets. “Application window opens after event!”

DOD’s Cyber Crime Center already hosts a voluntary cybersecurity program with a collaborative information sharing environment which includes over 720 companies, according to Carnegie Mellon’s Software Engineering Institute, which conducted a feasibility study on the expansion of the DOD’s current vulnerability disclosure program. DOD sponsored the study by the institute, which is a leader in the vulnerability disclosure coordination space and a federally funded research and development center.

Vulnerability disclosure programs, where security researchers are given safe harbor from prosecution in exchange for identifying how threat actors can exploit a system’s weaknesses, are still not present in the vast majority—94%—of Fortune 2000 companies, according to the study. DOD, and more recently the Cybersecurity and Infrastructure Security Agency, have brought such programs to government systems, and related bug bounty programs are popular in mature segments of the private sector. But contractors have unique concerns.

The Carnegie Mellon study recommended a pilot to test how the program would address those, and advised that it initially only be open to 20 companies f ..