Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Army Bug Bounty Program: a Critical Need In Defense (cyberdefensereview.org)

Posted by Soulskill on from the imagine-a-giant-virtual-fence dept.

hypercard writes: It seems just about every major tech company and even a few other large non-tech corporations have bug bounty programs as part of an effort to improve security through a community effort. Captains Rock Stevens and Michael Weigand, both Cyber officers in the U.S. Army, recently published Army Vulnerability Response Program, an outline for a legal way of disclosing bugs in Army software and networks. They say, "[T]he Army does not have a central location for responsibly disclosing vulnerabilities found through daily use, much less a program that can permit active security assessments of networks or software solutions. Without a legal means to disclose vulnerabilities in Army software or networks, vulnerabilities are going unreported and unresolved."

14 of 90 comments (clear)

  1. Parents are funny by willworkforbeer · · Score: 2

    Naming your kid after an obviously comic-book-based superhero like: "Captain Rock Stevens".

    So obviously DC Golden Age. amirite?

    --
    Pretending this is my office full of bitter coworkers..
  2. One on the house . . . by PolygamousRanchKid+ · · Score: 4, Interesting

    The US Army doesn't like USB port on laptops, and the like, so they are physically disabled. US Army Dental Surgeons, specialists in things like peritonitis, my want to leave the army later, and go into a private practice. For that they need pictures of patients, documenting what they have done. They have the pictures on their machines, but can't copy them onto a USB stick, because the military does not want that.

    So what does a smart US Army Dental Surgeon do . . . ? Well, he figures out that he can send a picture to their printer . . . which happens to have a USB port for a memory stick. And then he can just save the pictures using this method.

    What do I win . . . ?

    --
    Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
    1. Re:One on the house . . . by Anonymous Coward · · Score: 1

      Is there a legal procedure that they're meant to follow? MHS - PHIMT? "because the military does not want that" could be related to HIPAA. HIPAA requires entities to maintain a history of any disclosure events related to protected health information.

    2. Re:One on the house . . . by Deadstick · · Score: 1

      I would suspect they define "responsibly disclosed" as "only telling us".

    3. Re:One on the house . . . by angel'o'sphere · · Score: 1

      While the USB/printing/USB at teh printer stuff might be true.
      Certainly a doctor who honours his profession would not use private data of patients to apply for a job elsewhere.
      In Eurpoe that would be illegal, and likely his future non employer would file the charges.
      No idea how the US is dealing with private medical data, though.

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
    4. Re:One on the house . . . by stephanruby · · Score: 1

      Even in Europe, I've seen pictures of x-rays and medical records in medical textbooks.

      Surely, all those textbooks are not all breaking the law, there must be some kind of way to maintain the privacy of people.

      Like I don't know, may be deleting the name of the patient and any other identifying information like the day and the month of their birth. Or may be, asking those patients to sign a release form. It's not like a dentist is going to showcase the work of his unsuccessful procedures. He will mostly likely only ask the patients that had successful procedures and that are extremely grateful to him/her.

    5. Re:One on the house . . . by angel'o'sphere · · Score: 1

      Like I don't know, may be deleting the name of the patient and any other identifying information like the day and the month of their birth. [...] Or may be, asking those patients to sign a release form.
      (facepalm) Indded! You ask for consent of the patient.
      There is no other way.

      You can not publish legally a picture of me anywhere unless it is of public interest, e.g. me shooting the queen.

      And publishing a medical record of me without my consent makes you unemployable for quite a while.

      No idea why you americans always have so stupid ideas how a civilized country and society is run.

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
  3. What's going on here? by FatdogHaiku · · Score: 1, Funny

    This idea seems to be well reasoned.
    It has great potential to be both cost effective and practical...
    It's obviously lacking Congressional Oversight.

    --
    You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
  4. Bug bounty, eh? by Chris+Mattern · · Score: 3, Insightful

    I'm gonna write me a new minivan this afternoon!

  5. Is this ... by PPH · · Score: 1

    ... going to be a standup fight, sir, or another bug hunt?

    --
    Have gnu, will travel.
  6. "...vulnerabilities are going..." by turkeydance · · Score: 1

    all else is commentary.

  7. Bug bounties are bullshit by Anonymous Coward · · Score: 1

    Crowdsourcing solutions is just another way of getting work done for cheap. The future of STEM is bleak.

  8. It's a TRAP by rtb61 · · Score: 1

    So if you wanted to find out who knew about US military computer security what would you do? Not saying there is something 'fishy' going on (star wars marketing memes are super over the top at the moment, annoyingly so, PO Jerk Jerk A) but you had better make sure you have a legal reason for knowing the US military had or used computers let alone the security systems in use or the lack there of else you could find it's legal force fields up, their main legal weapon on line and a whole fleet of federal agents ready to prevent your escape ;D.

    --
    Chaos - everything, everywhere, everywhen
  9. Re:WORKERS MUST RULE by KGIII · · Score: 1

    So you don't mind if I just sleep on your couch and take the money from your bank account, then? I hope you, at least, have an attractive wife or daughter.

    --
    "So long and thanks for all the fish."