The bill would offer cash rewards for vulnerabilities hackers discover in State Department websites.
Non-government security researchers would receive cash prizes for finding hackable vulnerabilities in State Department websites under legislation introduced Wednesday.
The Hack Your State Department bill from Reps. Ted Lieu, D-Calif., and Ted Yoho, R-Fla., follows a string of pilot “bug bounty” programs in the Pentagon, Army and Air Force. The General Services Administration’s Technology Transformation Service has also offered a bug bounty.
Lieu also introduced a bug bounty bill for the Homeland Security Department. A Senate version of that bill was included in a department reauthorization bill that passed the committee this month.
Bug bounties have become common at large tech companies but are only recently hitting their stride at non-tech firms and in government.
The State Department bill does not include an appropriation to cover the bug bounty’s costs.
The bill requires a report within six months, and annually thereafter, about how many vulnerabilities outside researchers discover, how severe they are and how quickly the State Department fixes them.