On the record, April 20, 2016
Mr. Speaker, on Monday, the Department of Defense kicked off the first bug bounty program in the history of the Federal Government. Like similar programs used in industry, Hack the Pentagon is based on a coordinated vulnerability disclosure process. If a security researcher finds a security problem in public-facing Web sites that are operated by the DOD, he or she can submit it for review. Should the bug represent a security risk, the Department will then pay the researcher a bounty for his or her work. Coordinated vulnerability programs allow us to crowdsource security, encouraging curious minds to share their discoveries responsibly while providing accountability for institutions that operate or develop software. I congratulate Secretary Carter for his leadership in creating this program, and I hope other agencies consider adopting programs like this of their own. Mr. Speaker, I encourage any hackers out there to check out the Hack the Pentagon site and help make the pilot program a success.





