The House Homeland Security Committee on Thursday voted to approve S. 1281, the Hack the Department of Homeland Security Act, which would establish a bug bounty pilot program within DHS.
The program would temporarily authorize individuals or companies to identify and report vulnerabilities in DHS “Internet-facing information technology” in exchange for compensation if they find previously unidentified security vulnerabilities. DHS would be required to report back to the House Homeland Security Committee and the Senate Homeland Security and Governmental Affairs Committee about any vulnerabilities that were found through the program.
The House committee also approved a second bill, H.R. 6735, that would direct the DHS Secretary to establish a vulnerability disclosure policy for the agency’s websites. The policy would include how parties should disclose vulnerabilities that they discover, and how DHS should then move to mitigate or remediate them.