{"id":67309,"date":"2024-10-15T13:53:56","date_gmt":"2024-10-15T17:53:56","guid":{"rendered":"https:\/\/statescoop.com\/?p=67309"},"modified":"2024-10-15T14:56:04","modified_gmt":"2024-10-15T18:56:04","slug":"maryland-state-bug-bounty-program-2024","status":"publish","type":"post","link":"https:\/\/statescoop.com\/maryland-state-bug-bounty-program-2024\/","title":{"rendered":"White-hat hackers found 40+ vulnerabilities in Maryland’s first bug bounty program"},"content":{"rendered":"\n

The Maryland Department of Information Technology on Tuesday shared the results of its first bug bounty program, in which participating hackers found more than 40 vulnerabilities on the state’s websites.<\/p>\n\n\n\n

The bug bounty program began on July 30 as an assessment of just a few of the state’s digital “assets,” and it was later expanded to include 12 assets hosted on Maryland.gov, md.gov and state.md.us. Over the course of the program, which concluded Aug. 28, hackers vetted by the state and the cybersecurity firm HackerOne found more than 40 vulnerabilities, which the state fixed before threat actors could exploit them.<\/p>\n\n\n\n

The state paid participants for each vulnerability discovered. The state did not disclose the amounts, which were based on the severity of the uncovered vulnerability.<\/p>\n\n\n\n

Officials said the program helped the technology department establish relationships with private-sector cybersecurity leaders that will enable future bug bounties and other cybersecurity vulnerability programs.<\/p>\n\n\n\n

Many federal agencies have run similar programs. Maryland’s bug bounty program is modeled after a program run by the Department of Defense’s<\/a> Defense Digital Service to identify vulnerabilities in defense systems, according to a state news release. Before becoming Maryland’s chief information officer last year, Katie Savage led the Defense Digital Service, which ran a program called “Hack the Pentagon<\/a>,” along with other bug bounty programs.<\/p>\n\n\n\n

“Bug bounty programs have completely changed how the federal government identifies and remediates cybersecurity vulnerabilities,” Savage said in the release. “By implementing the widest state-level bug bounty program in our nation, the State of Maryland will identify vulnerabilities more quickly, establish strong, long-term ties with the security researcher community, and keep our state secure.”<\/p>\n\n\n\n

The state’s Office of Security Management, which is led by Gregory Rogers, the state’s chief information security officer, helped facilitate the bug bounty program. Rogers said the program was part of a statewide cybersecurity strategy and information security program.<\/p>\n\n\n\n

“The Office of Security Management is taking advantage of the latest strategies, innovations, and policy frameworks to achieve whole-of-State cybersecurity and protect against threat actors,” Rogers said in the release. “By strengthening our ties with our nation’s thriving security researcher community, we are building a secure State that can protect itself and its constituents, now and in the future.”<\/p>\n","protected":false},"excerpt":{"rendered":"

Participants in Maryland’s first bug bounty program uncovered more than 40 vulnerabilities affecting the state’s websites.<\/p>\n","protected":false},"author":133,"featured_media":37832,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"disable_grayscale_images":true,"grayscale_contrast":0,"sponsored_content":false,"display_author_bio":true,"story_type":"","footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[20646],"tags":[248,2078,5679,16536,23839,25149],"people":[],"special-report":[],"authors":[23807],"class_list":["post-67309","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-maryland","tag-hackers","tag-maryland-department-of-information-technology","tag-cybersecurity","tag-katie-savage","tag-bug-bounty","author-kquinlan"],"yoast_head":"\nWhite-hat hackers found 40+ vulnerabilities in Maryland's first bug bounty program | StateScoop<\/title>\n<meta name=\"description\" content=\"Participants in Maryland's first bug bounty program uncovered more than 40 vulnerabilities affecting the state's websites.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/statescoop.com\/maryland-state-bug-bounty-program-2024\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"White-hat hackers found 40+ vulnerabilities in Maryland's first bug bounty program | StateScoop\" \/>\n<meta property=\"og:description\" content=\"Participants in Maryland's first bug bounty program uncovered more than 40 vulnerabilities affecting the state's websites.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/statescoop.com\/maryland-state-bug-bounty-program-2024\/\" \/>\n<meta property=\"og:site_name\" content=\"StateScoop\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/StateScoop\/\" \/>\n<meta property=\"article:published_time\" content=\"2024-10-15T17:53:56+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-10-15T18:56:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2021\/01\/GettyImages-497260520.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2121\" \/>\n\t<meta property=\"og:image:height\" content=\"1414\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Keely Quinlan\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@State_Scoop\" \/>\n<meta name=\"twitter:site\" content=\"@State_Scoop\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/statescoop.com\/maryland-state-bug-bounty-program-2024\/\",\"url\":\"https:\/\/statescoop.com\/maryland-state-bug-bounty-program-2024\/\",\"name\":\"White-hat hackers found 40+ vulnerabilities in Maryland's first bug bounty program | StateScoop\",\"isPartOf\":{\"@id\":\"https:\/\/statescoop.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/statescoop.com\/maryland-state-bug-bounty-program-2024\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/statescoop.com\/maryland-state-bug-bounty-program-2024\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2021\/01\/GettyImages-497260520.jpg\",\"datePublished\":\"2024-10-15T17:53:56+00:00\",\"dateModified\":\"2024-10-15T18:56:04+00:00\",\"description\":\"Participants in Maryland's first bug bounty program uncovered more than 40 vulnerabilities affecting the state's websites.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/statescoop.com\/maryland-state-bug-bounty-program-2024\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/statescoop.com\/maryland-state-bug-bounty-program-2024\/#primaryimage\",\"url\":\"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2021\/01\/GettyImages-497260520.jpg\",\"contentUrl\":\"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2021\/01\/GettyImages-497260520.jpg\",\"width\":2121,\"height\":1414,\"caption\":\"(Getty Images)\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/statescoop.com\/#website\",\"url\":\"https:\/\/statescoop.com\/\",\"name\":\"StateScoop\",\"description\":\"Latest news and events in state and local government technology\",\"publisher\":{\"@id\":\"https:\/\/statescoop.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/statescoop.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/statescoop.com\/#organization\",\"name\":\"StateScoop\",\"url\":\"https:\/\/statescoop.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/statescoop.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2023\/01\/StateScoop-Black.png\",\"contentUrl\":\"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2023\/01\/StateScoop-Black.png\",\"width\":1470,\"height\":186,\"caption\":\"StateScoop\"},\"image\":{\"@id\":\"https:\/\/statescoop.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/StateScoop\/\",\"https:\/\/x.com\/State_Scoop\",\"https:\/\/www.linkedin.com\/company\/statescoop\/\",\"https:\/\/www.youtube.com\/@StateScoop\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"White-hat hackers found 40+ vulnerabilities in Maryland's first bug bounty program | StateScoop","description":"Participants in Maryland's first bug bounty program uncovered more than 40 vulnerabilities affecting the state's websites.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/statescoop.com\/maryland-state-bug-bounty-program-2024\/","og_locale":"en_US","og_type":"article","og_title":"White-hat hackers found 40+ vulnerabilities in Maryland's first bug bounty program | StateScoop","og_description":"Participants in Maryland's first bug bounty program uncovered more than 40 vulnerabilities affecting the state's websites.","og_url":"https:\/\/statescoop.com\/maryland-state-bug-bounty-program-2024\/","og_site_name":"StateScoop","article_publisher":"https:\/\/www.facebook.com\/StateScoop\/","article_published_time":"2024-10-15T17:53:56+00:00","article_modified_time":"2024-10-15T18:56:04+00:00","og_image":[{"width":2121,"height":1414,"url":"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2021\/01\/GettyImages-497260520.jpg","type":"image\/jpeg"}],"author":"Keely Quinlan","twitter_card":"summary_large_image","twitter_creator":"@State_Scoop","twitter_site":"@State_Scoop","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/statescoop.com\/maryland-state-bug-bounty-program-2024\/","url":"https:\/\/statescoop.com\/maryland-state-bug-bounty-program-2024\/","name":"White-hat hackers found 40+ vulnerabilities in Maryland's first bug bounty program | StateScoop","isPartOf":{"@id":"https:\/\/statescoop.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/statescoop.com\/maryland-state-bug-bounty-program-2024\/#primaryimage"},"image":{"@id":"https:\/\/statescoop.com\/maryland-state-bug-bounty-program-2024\/#primaryimage"},"thumbnailUrl":"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2021\/01\/GettyImages-497260520.jpg","datePublished":"2024-10-15T17:53:56+00:00","dateModified":"2024-10-15T18:56:04+00:00","description":"Participants in Maryland's first bug bounty program uncovered more than 40 vulnerabilities affecting the state's websites.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/statescoop.com\/maryland-state-bug-bounty-program-2024\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/statescoop.com\/maryland-state-bug-bounty-program-2024\/#primaryimage","url":"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2021\/01\/GettyImages-497260520.jpg","contentUrl":"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2021\/01\/GettyImages-497260520.jpg","width":2121,"height":1414,"caption":"(Getty Images)"},{"@type":"WebSite","@id":"https:\/\/statescoop.com\/#website","url":"https:\/\/statescoop.com\/","name":"StateScoop","description":"Latest news and events in state and local government technology","publisher":{"@id":"https:\/\/statescoop.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/statescoop.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/statescoop.com\/#organization","name":"StateScoop","url":"https:\/\/statescoop.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/statescoop.com\/#\/schema\/logo\/image\/","url":"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2023\/01\/StateScoop-Black.png","contentUrl":"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2023\/01\/StateScoop-Black.png","width":1470,"height":186,"caption":"StateScoop"},"image":{"@id":"https:\/\/statescoop.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/StateScoop\/","https:\/\/x.com\/State_Scoop","https:\/\/www.linkedin.com\/company\/statescoop\/","https:\/\/www.youtube.com\/@StateScoop"]}]}},"parsely":{"version":"1.1.0","canonical_url":"https:\/\/statescoop.com\/maryland-state-bug-bounty-program-2024\/","smart_links":{"inbound":0,"outbound":0},"traffic_boost_suggestions_count":0,"meta":{"@context":"https:\/\/schema.org","@type":"NewsArticle","headline":"White-hat hackers found 40+ vulnerabilities in Maryland’s first bug bounty program","url":"http:\/\/statescoop.com\/maryland-state-bug-bounty-program-2024\/","mainEntityOfPage":{"@type":"WebPage","@id":"http:\/\/statescoop.com\/maryland-state-bug-bounty-program-2024\/"},"thumbnailUrl":"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2021\/01\/GettyImages-497260520.jpg?w=150&h=150&crop=1","image":{"@type":"ImageObject","url":"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2021\/01\/GettyImages-497260520.jpg"},"articleSection":"Cybersecurity","author":[{"@type":"Person","name":"Keely Quinlan","url":"https:\/\/statescoop.com\/author\/kquinlan\/"}],"creator":["Keely Quinlan"],"publisher":{"@type":"Organization","name":"StateScoop","logo":"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2023\/01\/cropped-ss_favicon.png"},"keywords":["bug bounty","cybersecurity","hackers","katie savage","maryland","maryland department of information technology"],"dateCreated":"2024-10-15T17:53:56Z","datePublished":"2024-10-15T17:53:56Z","dateModified":"2024-10-15T18:56:04Z"},"rendered":"<script type=\"application\/ld+json\" class=\"wp-parsely-metadata\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@type\":\"NewsArticle\",\"headline\":\"White-hat hackers found 40+ vulnerabilities in Maryland’s first bug bounty program\",\"url\":\"http:\\\/\\\/statescoop.com\\\/maryland-state-bug-bounty-program-2024\\\/\",\"mainEntityOfPage\":{\"@type\":\"WebPage\",\"@id\":\"http:\\\/\\\/statescoop.com\\\/maryland-state-bug-bounty-program-2024\\\/\"},\"thumbnailUrl\":\"https:\\\/\\\/statescoop.com\\\/wp-content\\\/uploads\\\/sites\\\/6\\\/2021\\\/01\\\/GettyImages-497260520.jpg?w=150&h=150&crop=1\",\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/statescoop.com\\\/wp-content\\\/uploads\\\/sites\\\/6\\\/2021\\\/01\\\/GettyImages-497260520.jpg\"},\"articleSection\":\"Cybersecurity\",\"author\":[{\"@type\":\"Person\",\"name\":\"Keely Quinlan\",\"url\":\"https:\\\/\\\/statescoop.com\\\/author\\\/kquinlan\\\/\"}],\"creator\":[\"Keely Quinlan\"],\"publisher\":{\"@type\":\"Organization\",\"name\":\"StateScoop\",\"logo\":\"https:\\\/\\\/statescoop.com\\\/wp-content\\\/uploads\\\/sites\\\/6\\\/2023\\\/01\\\/cropped-ss_favicon.png\"},\"keywords\":[\"bug bounty\",\"cybersecurity\",\"hackers\",\"katie savage\",\"maryland\",\"maryland department of information technology\"],\"dateCreated\":\"2024-10-15T17:53:56Z\",\"datePublished\":\"2024-10-15T17:53:56Z\",\"dateModified\":\"2024-10-15T18:56:04Z\"}<\/script>","tracker_url":"https:\/\/cdn.parsely.com\/keys\/statescoop.com\/p.js"},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2021\/01\/GettyImages-497260520.jpg","distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"StateScoop","distributor_original_site_url":"https:\/\/statescoop.com","push-errors":false,"_links":{"self":[{"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/posts\/67309","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/users\/133"}],"replies":[{"embeddable":true,"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/comments?post=67309"}],"version-history":[{"count":11,"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/posts\/67309\/revisions"}],"predecessor-version":[{"id":67334,"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/posts\/67309\/revisions\/67334"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/media\/37832"}],"wp:attachment":[{"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/media?parent=67309"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/categories?post=67309"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/tags?post=67309"},{"taxonomy":"people","embeddable":true,"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/people?post=67309"},{"taxonomy":"special-report","embeddable":true,"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/special-report?post=67309"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/statescoop.com\/wp-json\/wp\/v2\/authors?post=67309"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}