Log4J added to DHS bug bounty program

Cybersecurity and Infrastructure Security Agency (CISA) director Jen Easterly and Homeland Security Secretary Alejandro Mayorkas announced the expansion of the “Hack DHS” bug bounty program, noting on Twitter that it will now include vulnerabilities related to Log4J

“We opened our HackDHS bug bounty program to find and patch Log4j-related vulnerabilities in our systems,” Easterly said. “Huge thanks to the researcher community taking part in this program. Log4j is a global threat and it’s great to have some of the world’s best helping us keep orgs safe.”

more coverage

On December 14, the Homeland Security Department announced the bug bounty program as a way to identify cybersecurity gaps and vulnerabilities in their systems. They gave “vetted” cybersecurity researchers access to “select external DHS systems” and asked them to find bugs. 

Secretary Alejandro Mayorkas called DHS the “federal government’s cybersecurity quarterback” and said the program “incentivizes highly skilled hackers to identify cybersecurity weaknesses in our systems before they can be exploited by bad actors.”  

“This program is one example of how the Department is partnering with the community to help protect our Nation’s cybersecurity,” Mayorkas said. 

In the original outline of the program, DHS planned for the bug bounty effort to occur in

Read More: https://www.zdnet.com/article/cisa-expands-bug-bounty-program-to-include-log4j/#ftag=RSSbaffb68