Slashdot Mirror
US Senators Propose Bug Bounties For Hacking Homeland Security (cnn.com)
An anonymous reader quotes CNN:
U.S. senators want people to hack the Department of Homeland Security. On Thursday, Senators Maggie Hassan, a Democrat and Republican Rob Portman introduced the Hack DHS Act to establish a federal bug bounty program in the DHS... It would be modeled off the Department of Defense efforts, including Hack the Pentagon, the first program of its kind in the federal government. Launched a year ago, Hack the Pentagon paved the way for more recent bug bounty events including Hack the Army and Hack the Air Force...
The Hack the DHS Act establishes a framework for bug bounties, including establishing "mission-critical" systems that aren't allowed to be hacked, and making sure researchers who find bugs in DHS don't get prosecuted under the Computer Fraud and Abuse Act. "It's better to find vulnerabilities through someone you have engaged with and vetted," said Jeff Greene, the director of government affairs and policy at security firm Symantec. "In an era of constrained budgets, it's a cost-effective way of identifying vulnerabilities"... If passed, it would be among the first non-military bug bounty programs in the public sector.
The Hack the DHS Act establishes a framework for bug bounties, including establishing "mission-critical" systems that aren't allowed to be hacked, and making sure researchers who find bugs in DHS don't get prosecuted under the Computer Fraud and Abuse Act. "It's better to find vulnerabilities through someone you have engaged with and vetted," said Jeff Greene, the director of government affairs and policy at security firm Symantec. "In an era of constrained budgets, it's a cost-effective way of identifying vulnerabilities"... If passed, it would be among the first non-military bug bounty programs in the public sector.
The Computer Fraud and Abuse Act of 1986 imposes very harsh penalties for hacking and has been used as a hammer to crush individuals who've managed to draw the attention of the authorities. The US Government has used this law repeatedly over the years to destroy the lives of promising young Americans with prodigious computer skills who were relatively harmless if somewhat misguided. For example, the case of Aaron Schwartz comes easily to mind. Fast forward thirty years and now that cyber security is a thing they want our help? Talk about ingratitude.
If you get any credible proof you've succeeded, you're still going to Gitmo for the rest of your life.
If you get any credible proof you've succeeded, you're still going to Gitmo for the rest of your life.
Of course not! When you succeed hacking the DHS:
- If you didn’t get caught, you sell your data to Russia as usual for a rather large reward.
- If you did get caught, you explain that this was for the bug hunt and submit your findings to the DHS for a much smaller reward.