Slashdot Mirror


The Army Bug Bounty Program: a Critical Need In Defense (cyberdefensereview.org)

hypercard writes: It seems just about every major tech company and even a few other large non-tech corporations have bug bounty programs as part of an effort to improve security through a community effort. Captains Rock Stevens and Michael Weigand, both Cyber officers in the U.S. Army, recently published Army Vulnerability Response Program, an outline for a legal way of disclosing bugs in Army software and networks. They say, "[T]he Army does not have a central location for responsibly disclosing vulnerabilities found through daily use, much less a program that can permit active security assessments of networks or software solutions. Without a legal means to disclose vulnerabilities in Army software or networks, vulnerabilities are going unreported and unresolved."

90 comments

  1. Parents are funny by willworkforbeer · · Score: 2

    Naming your kid after an obviously comic-book-based superhero like: "Captain Rock Stevens".

    So obviously DC Golden Age. amirite?

    --
    Pretending this is my office full of bitter coworkers..
  2. The copy instruction. by Anonymous Coward · · Score: 0

    Hero 6: if a robot copies its assembler to his or her death, the robot will die.

  3. One on the house . . . by PolygamousRanchKid+ · · Score: 4, Interesting

    The US Army doesn't like USB ports on laptops, and the like, so they are physically disabled. US Army Dental Surgeons, specialists in things like peritonitis, may want to leave the army later, and go into a private practice. For that they need pictures of patients, documenting what they have done. They have the pictures on their machines, but can't copy them onto a USB stick, because the military does not want that.

    So what does a smart US Army Dental Surgeon do . . . ? Well, he figures out that he can send a picture to their printer . . . which happens to have a USB port for a memory stick. And then he can just save the pictures using this method.

    What do I win . . . ?

    --
    Schroedinger's Brexit: The UK is both in and out of the EU at the same time!

    1. Re:One on the house . . . by Anonymous Coward · · Score: 1

      Is there a legal procedure that they're meant to follow? MHS - PHIMT? "because the military does not want that" could be related to HIPAA. HIPAA requires entities to maintain a history of any disclosure events related to protected health information.

    2. Re:One on the house . . . by Deadstick · · Score: 1

      I would suspect they define "responsibly disclosed" as "only telling us".

    3. Re:One on the house . . . by Anonymous Coward · · Score: 0

      Well, that seems to be the way they do deal with their own shortcomings in general. "Only tell us so that we can ignore the problem without external pressure."
      With that said I think it is a lot better to have unfixed security holes than to systematically torture prisoners.

    4. Re:One on the house . . . by Anonymous Coward · · Score: 0

      CD writer.

    5. Re:One on the house . . . by angel'o'sphere · · Score: 1

      While the USB/printing/USB at the printer stuff might be true.
      Certainly a doctor who honours his profession would not use private data of patients to apply for a job elsewhere.
      In Europe that would be illegal, and likely his future non-employer would file the charges.
      No idea how the US is dealing with private medical data, though.

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.

    6. Re:One on the house . . . by Anonymous Coward · · Score: 0

      The "legal" procedure is to burn a CD/DVD.

      They don't want us using thumb drives because of the risk of introducing malware to the network.

      From what I've read, the Iranian centrifuge calamity was all because of an infected thumb drive being introduced to the network.

    7. Re:One on the house . . . by stephanruby · · Score: 1

      Even in Europe, I've seen pictures of x-rays and medical records in medical textbooks.

      Surely, all those textbooks are not all breaking the law, there must be some kind of way to maintain the privacy of people.

      Like I don't know, maybe deleting the name of the patient and any other identifying information like the day and the month of their birth. Or maybe, asking those patients to sign a release form. It's not like a dentist is going to showcase the work of his unsuccessful procedures. He will most likely only ask the patients that had successful procedures and that are extremely grateful to him/her.

    8. Re:One on the house . . . by angel'o'sphere · · Score: 1

      > Like I don't know, maybe deleting the name of the patient and any other identifying information like the day and the month of their birth. [...] Or maybe, asking those patients to sign a release form.

      (facepalm) Indeed! You ask for consent of the patient.
      There is no other way.

      You cannot legally publish a picture of me anywhere unless it is of public interest, e.g. me shooting the queen.

      And publishing a medical record of me without my consent makes you unemployable for quite a while.

      No idea why you Americans always have such stupid ideas about how a civilized country and society is run.

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.

  4. Continuous Improvement vs. Security by Anonymous Coward · · Score: 0

    Should continuous improvement be at odds with the principle of least privilege? Perhaps the pattern of privilege separation could be used in the context of an organization as well.

    1. Re: Continuous Improvement vs. Security by Anonymous Coward · · Score: 0

      No reason for these two things to be at odds. It's about time military realized that silencing smart patriots isn't the way to beat a smart enemy.

  5. What's going on here? by FatdogHaiku · · Score: 1, Funny

    This idea seems to be well reasoned.
    It has great potential to be both cost effective and practical...
    It's obviously lacking Congressional Oversight.

    --
    You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office

    1. Re:What's going on here? by fredgiblet · · Score: 0

      That's coming, I'm sure. Congress will dictate that the program needs to be run by Lockheed for $10 billion dollars.

  6. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    They not only oppose any effort to fix problems. They actively create problems.

  7. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    That is the way of their kind.

  8. Is this ... by PPH · · Score: 1

    ... going to be a standup fight, sir, or another bug hunt?

    --
    Have gnu, will travel.

    1. Re: Is this ... by Anonymous Coward · · Score: 0

      Dat iz epukians.

    2. Re: Is this ... by Anonymous Coward · · Score: 0

      Des.

    3. Re: Is this ... by Anonymous Coward · · Score: 0

      Noz.

    4. Re: Is this ... by Anonymous Coward · · Score: 0

      Death is wat dey pukians ant fur us all.

    5. Re: Is this ... by Anonymous Coward · · Score: 0

      Rape is what the Republicans constantly do. They do.

    6. Re: Is this ... by Anonymous Coward · · Score: 0

      No the republicans hate us.

  9. "...vulnerabilities are going..." by turkeydance · · Score: 1

    all else is commentary.

  10. Bug bounties are bullshit by Anonymous Coward · · Score: 1

    Crowdsourcing solutions is just another way of getting work done for cheap. The future of STEM is bleak.

    1. Re: Bug bounties are bullshit by Anonymous Coward · · Score: 0

      Yep. Us STEM folk aren't paid nearly enough. Salaries for (experienced/decent) engineers should be 30 times what they presently are. Not kidding. ($3M-$6M/yr)

  11. It's a TRAP by rtb61 · · Score: 1

    So if you wanted to find out who knew about US military computer security, what would you do? Not saying there is something 'fishy' going on (star wars marketing memes are super over the top at the moment, annoyingly so, PO Jerk Jerk A), but you had better make sure you have a legal reason for knowing the US military had or used computers, let alone the security systems in use or the lack thereof, else you could find its legal force fields up, their main legal weapon online and a whole fleet of federal agents ready to prevent your escape ;D.

    --
    Chaos - everything, everywhere, everywhen

    1. Re:It's a TRAP by Anonymous Coward · · Score: 0

      yeah, you see i found this security flaw in the key management of this combat fighter flight computer

      what do i win?

  12. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    Sure they never fix any problems... neither do the Democrats - they both take their turns heaping trouble on "the little people", and neither fixes each other's messes.

    It's almost like they are in it together...

  13. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    They raped my daughter with rebar. That is the type of people Republicans are. You should never vote for one of their kind.

  14. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    It was my wife that they raped with rebar. It is the way of Thor kind. They constantly rape.

  15. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    My daughter wa none months old when the repukians raped her to death. You should never vote for there kind.

  16. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    > there kind

    What does that mean?

  17. Re: Theit means they rape u Fiji c sighs risotto. by Anonymous Coward · · Score: 0

    Such duck :8,$4$ hide sudbej. Dushsndbsneud stupid repukians.

  18. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    They raped me with rebar. Raped me with rebar.

  19. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    They do hat becuz dey want us 2 die.

  20. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    They beat my daughter to death with a rubber pipe the raped her until she lay so much blood she died. You should never vote for a Republican.

  21. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    That is the way of their kind. They are not whole people.

  22. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    When you give people a job because of their race, then of course you don't get the most qualified.

  23. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    They too raped me with rebar.

  24. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    His fish did d shushes handbrake houses. Subs she's jakes cjjxkls. Us jab jabber. iDisk judge. Heidi SUVs. Johan hash. Jag s v.

  25. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    Liberalism is a mental disease.

  26. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    The Republicans want us to die.

  27. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    They want us to die which is y dey constantly ape us b

  28. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    They rape a constantly with rebar.

  29. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    They rape us constantly.

  30. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    Day ate us. Ate us. Want us to die dat iz. Dey. Ay of sere kind.

  31. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    They murdered my wife with jalapeños because she opposed them.

  32. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    My daughter died after dey rammed. Piece of rebar up her ass.

  33. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    Ape iz de way of dere kind.

  34. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    U shud nava vire fur a repepukia.

  35. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    Bale us. Ape us.

  36. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    Dex Pe iz. Constablyb

  37. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    The Repukians hate us. U should never vote fur dem.

  38. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    The Repukians hate us. U should never vote fur dem. Az iz devway of Der kind b

  39. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    Shows just wat der kind iz.

  40. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    Wat uz 2 due. Mm.

  41. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    Dey clenzenibg. Clenzung. Dat uz de way if rgeir kind.

  42. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    Dez acist. Acist as iz set way 3f dere ind.

  43. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    Constantz rOists.

  44. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    They constantly ape us. Cont ably ape us.

  45. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    I almost bleede 2 death vecuz of den.

  46. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    The Repukians hate us. U should never vote fur dem.

    Liberalism is a mental disorder.

  47. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    Butt det had non-epukians lected.

  48. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    Becuz dey murder ur parents.

  49. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    They Clemsoning. Today Clemsoning meant doz epukians will kill emseves. Ill emecelves.

  50. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    They onstantly ape uz. Onstantly ape uz.

  51. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    It means u r 2 stupid to 'stand igoc.

  52. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    Epukianz constantly ape uz.

  53. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    They killed my little sister with der apes.

  54. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    Clemson only won by 58-0 which proves they are pieces of shit that need to die.

  55. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    That proves that they r dey orst eam in college ootball.

  56. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    Dey ant uz 2 die.

  57. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    They want us to die. Want us to die.

  58. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    Call me. I love pieces of shit like u. Pieces of shit like u.

  59. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    Only becuz u epukianz lie bout wat aociLizm iz.

  60. Re: The Republicans of course... by Anonymous Coward · · Score: 0

    Only becuz u epukianz lie bout wat aocikizm iz.

  61. Re:WORKERS MUST RULE by KGIII · · Score: 1

    So you don't mind if I just sleep on your couch and take the money from your bank account, then? I hope you, at least, have an attractive wife or daughter.

    --
    "So long and thanks for all the fish."

  62. What Could Go Wrong by Anonymous Coward · · Score: 0

    Windows 10 requires access to all your data. Windows 7 updates give Microsoft the same access. Apple and Google are perfecting their data mining. What's the problem?

  63. army gots to pay more than the badniks by Anonymous Coward · · Score: 0

    For this to work, the Army must pay more $ than the badniks do. Army must outspend organized crime. Who has more money? Who will go bankrupt first? Hint: it won't be the Russian mafia.