DHS bug bounty program? It could happen, even in a divided Congress

The U.S. federal government has been utilizing bug bounty programs for some time now. One essential component to the federal infrastructure post-9/11, the Department of Homeland Security, has yet to implement these programs, however. If certain members of Congress are successful in their bid, this is all due to change.

A press release from the office of Sen. Maggie Hassan (D-N.H.) announced the Hack Department of Homeland Security (DHS) Act, which will seek to form a bug bounty program employing white hats to find vulnerabilities in DHS networks and data systems. The bill is a bipartisan Senate effort introduced by Hassan and Rob Portman (R-Ohio), with co-sponsorship from Claire McCaskill (D-Mo.) and Kamala Harris (D-Calif).

The press release gave the inspiration behind the bill in the words of Sen. Hassan:

“The Hack DHS Act provides this help by drawing upon an untapped resource—patriotic and ethical hackers across the country who want to stop these threats before they endanger their fellow citizens. This bipartisan bill take the first step to utilize best practices from the private sector to harness the skills of hackers across America as a force multiplier against these cyber threats. I will work with members of both parties to move this important bill forward.”

Patriotic language aside, the senator is quite correct in her assertion that white hats will be eager to find vulnerabilities. There must be a decent financial incentive, however, as there is a considerable amount of effort required to find exploits. If past U.S. government bug bounties are any indication, I imagine the hackers will be well paid for their efforts.

This is all still in a hypothetical stage, as congressional gridlock impedes bills far more often than any of us would like to admit. The hope here is, at least in my opinion, that the bipartisan nature of the bill will allow it to fast track  compared against other legislative efforts. The U.S. government has seen how effective previous bug bounties for the Department of Defense have been, so I cannot imagine the Hack the DHS Act will face significant resistance.

Photo credit: U.S. Department of Homeland Security

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Published by
Derek Kortepeter

Recent Posts

Simplifying cloud complexity: 4 roads to the same destination

As cloud computing grows, the sheer number of options can be a problem. But there…

1 hour ago

Building Exchange 2019 from scratch: Setting up a domain controller

If you are building a new Exchange 2019 environment from scratch, you will have to…

4 hours ago

RAID 1 vs. RAID 5: When to use each level and why

Redundant array of independent disks (RAID) is the logical grouping of two or more disks…

23 hours ago

Microsoft 365 adds online scheduling to Microsoft Bookings app

Microsoft 365 users have access to an app called Microsoft Bookings. Before you dismiss it…

1 day ago

Biometrics authentication: Where the technology is now — and where it’s going

As cyberthreats rise in number and complexity, biometrics authentication technology has seen rapid adoption and…

4 days ago

Remote work vulnerabilities: Tips on avoiding a nightmare scenario

Remote work is likely to remain permanent — and so will the vulnerabilities it brings…

4 days ago