The Maryland Department of Information Technology (DoIT) announced that “white hat” hackers found more than 40 exploitable vulnerabilities during the state’s first-ever bug bounty program.

DoIT said the bug bounty program is the “widest-reaching state-level program of its kind in the United States,” adding that “only the Federal government has publicly known bug-bounty programs with such a wide scope.”

Initially, the state’s bug bounty program launched as a focused assessment of 12 key state web assets. After a successful initial phase, DoIT expanded the program to include all public-facing web assets on *.maryland.gov, *.md.gov, and *.state.md.us.

Having trusted security researchers test public-facing web assets allows DoIT to identify and remediate critical vulnerabilities and to safeguard valuable private information and systems. The state said that the researchers were vetted by DoIT and HackerOne, a cybersecurity firm. State leaders added that this initial program has established a strong relationship that will enable DoIT to orchestrate future bug bounties and other cybersecurity vulnerability programs.

“Bug bounty programs have completely changed how the Federal government identifies and remediates cybersecurity vulnerabilities,” said Katie Savage, Maryland’s secretary of IT.

“By implementing the widest state-level bug bounty program in our nation, the State of Maryland will identify vulnerabilities more quickly, establish strong, long-term ties with the security researcher community, and keep our state secure,” she said.

The bug bounty program was facilitated by the Office of Security Management within DoIT.

“The Office of Security Management is taking advantage of the latest strategies, innovations, and policy frameworks to achieve whole-of-State cybersecurity and protect against threat actors,” said Gregory Rogers, Maryland’s chief information security officer and head of the Office of Security Management within DoIT. “By strengthening our ties with our nation’s thriving security researcher community, we are building a secure State that can protect itself and its constituents, now and in the future.”

Kate Polit
Kate Polit is MeriTalk SLG's Assistant Copy & Production Editor, covering Cybersecurity, Education, Homeland Security, Veterans Affairs