Defence Revamps Vulnerability Disclosure Program for 2023
The Australian Department of Defence has revamped its Vulnerability Disclosure Program (VDP) for 2023. This cybersecurity initiative aims to report IT security flaws transparently, ethically, and legally. The program welcomes responsible security researchers worldwide, with no formal registration required. Major General Susan Coyle, head of Defence's Information Warfare Division, encourages diverse applicants passionate about cybersecurity to apply.
The program, running openly but not like a classic 'Bug Bounty', allows researchers to work on reported security issues anytime, adhering to its rules. Key conditions include no lawbreaking, good faith actions, and minimal disruption to systems. Researchers can test publicly accessible or explicitly approved services, but not through DDoS attacks. Found personal data must not be stored, published, or shared. Discovered vulnerabilities should be reported promptly via the Defence Ethical Hacker Gateway. Public disclosure is prohibited until Australian Defence approves it. Participants are expected to cooperate fully and communicate respectfully. While the program is non-monetary, exceptional contributions may be publicly recognised. Applications for the 2023 ADF Cyber Gap Program are open from 1 September to 31 October 2022, via the Digital Profession website, to Australian citizens enrolled in or about to commence cyber-related studies. The program seeks to foster a strong, diverse cyber workforce for national security and boost Australia's sovereign cyber capability.
The revamped Australian Department of Defence Vulnerability Disclosure Program encourages global cybersecurity researchers to participate, fostering a transparent and ethical reporting environment. With applications open for the 2023 ADF Cyber Gap Program, Australian citizens studying cyber-related fields are invited to contribute to building a robust, diverse cyber workforce for national security.
