U.S. flag

An official website of the United States government

Government Website

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Safely connect using HTTPS

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.


  1. Home
  2. News
  3. Press Releases
  4. “Hack DHS” Program Successfully Concludes First Bug Bounty Program

“Hack DHS” Program Successfully Concludes First Bug Bounty Program

Release Date: April 22, 2022

WASHINGTON – Today, the Department of Homeland Security (DHS) announced the results of its first bug bounty program. Through the “Hack DHS” program, vetted cybersecurity researchers and ethical hackers are invited to identify potential cybersecurity vulnerabilities in select external DHS systems. In the first phase of this program, more than 450 vetted security researchers identified 122 vulnerabilities, of which 27 were determined to be critical. DHS awarded a total of $125,600 to participants for identifying these verified vulnerabilities. DHS was the first federal agency to expand its bug bounty program to find and report log4j vulnerabilities across all public-facing information system assets, which allowed the Department to identify and close vulnerabilities not surfaced through other means.

“Organizations of every size and across every sector, including federal agencies like the Department of Homeland Security, must remain vigilant and take steps to increase their cybersecurity,” said Secretary of Homeland Security Alejandro N. Mayorkas. “Hack DHS underscores our Department’s commitment to lead by example and protect our nation’s networks and infrastructure from evolving cybersecurity threats.”

Hack DHS launched in December 2021 with the goal of developing a model that can be used by other organizations across every level of government to increase their own cybersecurity resilience. During the second phase of this three-phase program, vetted cybersecurity researchers and ethical hackers will participate in a live, in-person hacking event.  During the third and final phase, DHS will identify lessons learned, including to inform future bug bounty programs. 

“The enthusiastic participation by the security researcher community during the first phase of Hack DHS enabled us to find and remediate critical vulnerabilities before they could be exploited,” said DHS Chief Information Officer Eric Hysen. “We look forward to further strengthening our relationship with the researcher community as Hack DHS progresses.” 

To learn more about Hack DHS, please visit DHS.gov. Further, organizations of all sizes can visit CISA’s Shields Up webpage for resources and guidance on the actions they should take to safeguard their networks and infrastructure, and stay informed about evolving cybersecurity threats.

Last Updated: 04/22/2022
Was this page helpful?
This page was not helpful because the content