In a 377-3 bipartisan vote, the U.S. House of Representatives has passed H.R. 238, the “Hack Your State Department Act.” If this bill becomes law, the U.S. State Department would have one year to establish a pilot “bug bounty program” under which qualified security researchers or “ethical hackers” would be temporarily authorized to identify and report vulnerabilities of State Department networks and systems in exchange for compensation. The State Department would first have to adopt guidelines for qualifications and other requirements for participating in the program.
In addition, the bill would provide for the State Department to provide annual reporting on various items, including the number and severity of security vulnerabilities that are reported, the number of previously unidentified security vulnerabilities that are remediated as a result of the bug bounty program and general lessons learned from the program. The Department of Defense launched a similar “Hack the Pentagon” program in 2016.
© 2019 Ossian Law P.C.