BleepingComputer reports that the Department of Homeland Security's external systems were discovered to have 122 security flaws by professionals who took part in Hack DHS, the department's bug bounty program, 27 of which were critical.
"The enthusiastic participation by the security researcher community during the first phase of Hack DHS enabled us to find and remediate critical vulnerabilities before they could be exploited. We look forward to further strengthening our relationship with the researcher community as Hack DHS progresses," said DHS Chief Information Officer Eric Hysen. More than 450 security researchers and ethical hackers were given $125,600 in total rewards, with individual grants of up to $5,000 per flaw. Vulnerabilities reported to Hack DHS are verified by the agency's security experts within two days, with fixes issued in at least 15 days. "Hack DHS underscores our Department's commitment to lead by example and protect our nation's networks and infrastructure from evolving cybersecurity threats," said Secretary of Homeland Security Alejandro Mayorkas.