House Lawmakers Introduce Hack the State Department Bug Bounty Bill

The bill would offer cash rewards for vulnerabilities hackers discover in State Department websites.

Non-government security researchers would receive cash prizes for finding hackable vulnerabilities in State Department websites under legislation introduced Wednesday.

The Hack Your State Department bill from Reps. Ted Lieu, D-Calif., and Ted Yoho, R-Fla., follows a string of pilot “bug bounty” programs in the Pentagon, Army and Air Force. The General Services Administration’s Technology Transformation Service has also offered a bug bounty.

Lieu also introduced a bug bounty bill for the Homeland Security Department. A Senateversion of that bill was included in a department reauthorization bill that passed the committee this month.

Bug bounties have become common at large tech companies but are only recently hitting their stride at non-tech firms and in government.

The State Department bill does not include an appropriation to cover the bug bounty’s costs.

The bill requires a report within six months, and annually thereafter, about how many vulnerabilities outside researchers discover, how severe they are and how quickly the State Department fixes them.