From bleepingcomputer.com
The Department of Homeland Security (DHS) has announced that the ‘Hack DHS’ program is now also open to bug bounty hunters willing to track down DHS systems impacted by Log4j vulnerabilities.
“In response to the recently discovered log4j vulnerabilities, @DHSgov is expanding the scope of our new #HackDHS bug bounty program and including additional incentives to find and patch log4j-related vulnerabilities in our systems,” tweeted DHS Secretary Alejandro N. Mayorkas.
“In partnership with vetted hackers, the federal government will continue to secure nationwide systems and increase shared cyber resilience.”
The ‘Hack DHS’ bug bounty program was announced last week. It allows vetted cybersecurity researchers to find and report vulnerabilities in external DHS systems, earning rewards of up to $5,000 per reported bug.