Sec. 304. Bug bounty programs
171 words·~1 min read·
/bill/115/s/2035/is/section-304A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Not later than 180 days after the date of the enactment of this Act, the Under Secretary for National Protection and Programs Directorate of the Department shall submit a strategic plan to implement bug bounty programs at appropriate agencies and departments of the United States to— the Committee on Homeland Security and Governmental Affairs of the Senate; the Select Committee on Intelligence of the Senate; the Committee on Homeland Security of the House of Representatives; and the Permanent Select Committee on Intelligence of the House of Representatives. The plan under subsection
(a)shall include— an assessment on— the effectiveness of the Hack the Pentagon pilot program carried out by the Department of Defense in 2016 and subsequent bug bounty programs in identifying and reporting vulnerabilities within the information systems of the Department of Defense; and private sector bug bounty programs, including such programs implemented by leading technology companies in the United States; and recommendations on the feasibility of initiating bug bounty programs at appropriate agencies and departments of the United States.