DHS Says Senate-Mandated Bug Bounty Contest is Duplicative
“Congress is itching to launch a bug bounty program at the Homeland Security Department, but department officials are ambivalent about the idea,” writes Joseph Marks this week in Nextgov.
The Senate on Tuesday passed a bill “mandating a bug bounty” contest intended to encourage programmers to find weaknesses in DHS’ systems. But, according to Marks, DHS says the proposal “would duplicate work it’s already doing.”
Under the contest, mandated under the Hack DHS Act, “ethical hackers earn cash rewards for spotting digital vulnerabilities in Homeland Security websites and web tools.”
Chris Krebs, acting undersecretary for the DHS cyber division, indicated the resources could be better spent elsewhere, and that the effect might inadvertently be to diminish DHS’ own capability.
“We have the hunt and incident response team, which gets us the same capability,” Krebs said. “If we wanted to add bandwidth and depth by bringing in pre-vetted and pre-cleared folks like [the Pentagon] did … we’re open to that program. But it has to be resourced appropriately. I don’t have a budget sitting anywhere that would be able to reward folks that found bugs.”
Posted in Featured News