DARPA Launches Hardware Security Bug Bounty Program

US defense research arm asks ethical hackers to help protect its systems.
The Defense Advanced Research Projects Agency (DARPA) has launched its first-ever bug bounty program focused on addressing hardware vulnerabilities.

DARPA, the research arm of the US Department of Defense, is asking white hat hackers to help strengthen its technology.

The Finding Exploits to Thwart Tampering (FETT) bug bounty will help further develop hardware security protections already in development by the System Security Integration Through Hardware and Firmware (SSITH) program.

DARPA launched SSITH in 2017 as an initiative that focuses on addressing security issues at the source rather than relying on patches.

“The FETT bug bounty program is asking security researchers to devise novel exploit mechanisms capable of bypassing the hardware security protections that were developed under… SSITH,” Keith Rebello, program manager for DARPA, told The Daily Swig.

“The goal is to discover potential weaknesses within the SSITH hardware defenses that could be exploited through these novel methods, and to share those uncovered weaknesses or bugs with DARPA so that they can be addressed in future iterations of the hardware security technologies.”

White hats can earn up to $25,000 in the DARPA program, with targets including Covid-19 medical records and electoral voting systems – a topical issue in recent years.

The bug bounty program will run from July to September 2020, allowing “ample time” for researchers to test the hardware.

This post was originally published by The Daily Swig on portswigger.net
