Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
The Military Government Security Software United States

The Army Bug Bounty Program: a Critical Need In Defense (cyberdefensereview.org) 90

hypercard writes: It seems just about every major tech company and even a few other large non-tech corporations have bug bounty programs as part of an effort to improve security through a community effort. Captains Rock Stevens and Michael Weigand, both Cyber officers in the U.S. Army, recently published Army Vulnerability Response Program, an outline for a legal way of disclosing bugs in Army software and networks. They say, "[T]he Army does not have a central location for responsibly disclosing vulnerabilities found through daily use, much less a program that can permit active security assessments of networks or software solutions. Without a legal means to disclose vulnerabilities in Army software or networks, vulnerabilities are going unreported and unresolved."
This discussion has been archived. No new comments can be posted.

The Army Bug Bounty Program: a Critical Need In Defense

Comments Filter:
  • by willworkforbeer ( 924558 ) on Saturday October 24, 2015 @06:09PM (#50795165)
    Naming your kid after an obviously comic-book-based superhero like: "Captain Rock Stevens".

    So obviously DC Golden Age. amirite?
  • by PolygamousRanchKid ( 1290638 ) on Saturday October 24, 2015 @06:19PM (#50795209)

    The US Army doesn't like USB port on laptops, and the like, so they are physically disabled. US Army Dental Surgeons, specialists in things like peritonitis, my want to leave the army later, and go into a private practice. For that they need pictures of patients, documenting what they have done. They have the pictures on their machines, but can't copy them onto a USB stick, because the military does not want that.

    So what does a smart US Army Dental Surgeon do . . . ? Well, he figures out that he can send a picture to their printer . . . which happens to have a USB port for a memory stick. And then he can just save the pictures using this method.

    What do I win . . . ?

    • by Anonymous Coward

      Is there a legal procedure that they're meant to follow? MHS - PHIMT? "because the military does not want that" could be related to HIPAA. HIPAA requires entities to maintain a history of any disclosure events related to protected health information.

    • I would suspect they define "responsibly disclosed" as "only telling us".

    • While the USB/printing/USB at teh printer stuff might be true.
      Certainly a doctor who honours his profession would not use private data of patients to apply for a job elsewhere.
      In Eurpoe that would be illegal, and likely his future non employer would file the charges.
      No idea how the US is dealing with private medical data, though.

      • Even in Europe, I've seen pictures of x-rays and medical records in medical textbooks.

        Surely, all those textbooks are not all breaking the law, there must be some kind of way to maintain the privacy of people.

        Like I don't know, may be deleting the name of the patient and any other identifying information like the day and the month of their birth. Or may be, asking those patients to sign a release form. It's not like a dentist is going to showcase the work of his unsuccessful procedures. He will mostly likel

        • Like I don't know, may be deleting the name of the patient and any other identifying information like the day and the month of their birth. [...] Or may be, asking those patients to sign a release form.
          (facepalm) Indded! You ask for consent of the patient.
          There is no other way.

          You can not publish legally a picture of me anywhere unless it is of public interest, e.g. me shooting the queen.

          And publishing a medical record of me without my consent makes you unemployable for quite a while.

          No idea why you ameri

  • This idea seems to be well reasoned.
    It has great potential to be both cost effective and practical...
    It's obviously lacking Congressional Oversight.
    • That's coming, I'm sure. Congress will dictate that the program needs to be run by Lockheed for $10 billion dollars.
  • Bug bounty, eh? (Score:4, Insightful)

    by Chris Mattern ( 191822 ) on Saturday October 24, 2015 @06:44PM (#50795295)
  • ... going to be a standup fight, sir, or another bug hunt?

  • all else is commentary.
  • by Anonymous Coward

    Crowdsourcing solutions is just another way of getting work done for cheap. The future of STEM is bleak.

  • So if you wanted to find out who knew about US military computer security what would you do? Not saying there is something 'fishy' going on (star wars marketing memes are super over the top at the moment, annoyingly so, PO Jerk Jerk A) but you had better make sure you have a legal reason for knowing the US military had or used computers let alone the security systems in use or the lack there of else you could find it's legal force fields up, their main legal weapon on line and a whole fleet of federal agen

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...