HackerOne, Synack win DOD contracts to expand bug bounty program
October 20, 2016
The Department of Defense has awarded two contracts to expand its bug bounty program across a variety of its digital assets.
Greg Otto is FedScoop's technology reporter, covering all of the innovative tech government is leveraging: cloud computing, mobility, cybersecurity...
The race to achieve a more mobile government may be coming to a screeching halt, according to a new survey of federal managers.
A report from the Government Business Council and Samsung released Tuesday showed that nearly two-thirds (64 percent) of the federal leaders surveyed do not see their department or agency prioritizing mobile technology over the next year. They cited security as the main hangup from further integrating mobile devices into federal agencies' workflow.
"The survey responses suggest that federal managers believe there is an implicit trade-off between flexibility and security, potentially limiting efforts to expand the use of mobile devices for work functions," the survey's summary said.
As to why agencies wouldn't expand into mobile, most of the concerns were security related. "Security of device" was ranked highest, a worry to 55 percent of respondents, with "security of mobile applications" at 49 percent and "security of external networks" at 47 percent.
Security concerns may be stifling further integration of mobile technology. Fifty-five percent of respondents said their agencies are reluctant to encourage mobile innovation, with defense agencies being slower than others to adopt new technology. Of the 69 managers who identified themselves as Defense Department workers, nearly half (48 percent) said they do not use any mobile devices for work functions.
Even those with a mobility plan find they are limited in choices. Fifty-eight percent of those surveyed disagreed that employees have sufficient options when it comes to mobile devices that meet security standards.
"My agency is so security nervous that applications that other agencies use are forbidden to me," said one unidentified survey respondent. "We also have little to no choice in mobile devices — if not on the approved list, forget it."
Many of those surveyed said while mobile devices provide flexibility, they cannot be secure. Fifty-nine percent of respondents said there is an implicit trade off between flexibility and security when it comes to mobile technology. Even as agencies continue to implement mobile tech, managers don't believe they are getting the necessary training to keep their devices or networks secure. Nearly half of all respondents (48 percent) said they don't receive adequate training in mobile security.
"I think we need a comprehensive, but flexible, policy for mobile technologies within the DOD," said another survey respondent. "Mobile technologies should be fully integrated with existing software and based upon commercially available hardware."
When it comes to deciding between corporate-owned, personally-enabled (COPE) devices or workers bringing their own (BYOD), federal managers find agency devices much more secure. Sixty-two percent of respondents who manage COPE devices are confident in their device's security, while only 36 percent of respondents have the same security confidence in BYOD devices.
The survey concluded that while COPE devices may offer the most security, large-scale implementation may not fit into all agency budgets. With the advances in mobile security, BYOD capabilities may provide a cost-effective way of integrating mobile devices.
The survey gathered information from managers at a number of different agencies, including the Department of the Treasury, Department of Defense and Department of Homeland Security, among others.