The U.S.
Department of Defense’s Cyber Crime Center (DC3) received more than
2,800 validated vulnerability reports from a variety of sources, according to
its 2019 Vulnerability Disclosure Program (VDP).
In 2019 the VDP processed 4,013 vulnerability reports establishing that 2,816 were in fact previously unknown vulnerabilities, according to the VDP’s annual report. The VDN was created to help improve the defensive posture of the DoD’s information network and is comprised of a network of 1,400 white hat hackers and bug bounty hunters.
Overall, the program has gone through in excess of 12,000 reports.
The top five
Common Weakness Enumerations (CWE) the program found were:
- Information exposure – 832 reports
- Violation of secure design principles
– 403 reports - Business logic errors – 171 reports
- Cross-site scripting – 371 reports
- Open redirect – 147 reports
“The numbers
for 2019 don’t lie. It was our busiest year to date with a staggering 21.7%
increase of submitted reports from 2017,” the report stated, adding, “Initiatives
like Bug Bounties, VDP, and hacking events like the F-15 at DEFCON this past
year, continually demonstrate a unparalleled capability of the researcher
community to discover vulnerabilities that our internal DoD agencies haven’t.”
