Bug Bounty Hackers Bill Introduced into the US Senate

A bipartisan pair of US Senators introduced a bill that would require the US Department of Homeland Security to create an ongoing program to allow security experts to report bugs on agency websites.

The Public-Private Cybersecurity Cooperation Act, introduced Thursday by Sen. Rob Portman, R-Ohio, and Maggie Hassan, D-N.H., requires Homeland Security to create a vulnerability disclosure program so hackers can report problems they find to the proper authorities without being prosecuted for breaking laws like the 1986 Computer Fraud and Abuse Act.

“This bill encourages ethical hackers to come forward with information they find about vulnerabilities in our government networks by assuring them that if they do, they’ll have protection under the law,” Hassan said in a statement.

If enacted, Homeland Security would develop a remediation process to address any reported bugs and present annual reports tracking how many are reported, how many are fixed and how long it’s taking between a flaw being reported and being fixed. Congress also wants to know how many people or organizations participate.

“As a long time former member of the MITRE CVE (OVAL) advisory board in the support of the National Vulnerability Database, housed at NIST, I believe this is an important step in helping to better harden our many exploitable government networks,” said Gary S. Miliefsky, Publisher of Cyber Defense Magazine.

The bill is a companion piece to House version sponsored by Majority Leader Kevin McCarthy, R-Calif, which passed in late September.

The Senate already passed another cybersecurity bill from Portman and Hassan called the Hack the Department of Homeland Security Act. That bill would also encourage outside security researchers to report vulnerabilities to the agency, but in scheduled bug bounty competitions.

The Hack DHS Act is still waiting on House action.

Sources: NextGov and Senate.gov

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.


10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase