House Bill H.R. 328

Should the State Dept. Have a Bug Bounty Program to Root Out Cyber Vulnerabilities?

Argument in favor

The State Dept. has been subject to repeated cyber attacks in recent years, and it doesn’t have the internal capacity and expertise to identify and fix its cyber vulnerabilities. Establishing a bug bounty program will help the State Dept. find its vulnerabilities, so it can address them.

01/21/2019
I approve of this bill if in addition to the bug bounty program, a comprehensive investigation and overhaul of the overall cyber security program at State is conducted at the same time. There is a tendency for stop-gap measures like a bug bounty to become entrenched and relied upon because they can be manipulated by political forces. A full investigation, followed by ongoing routine comprehensive reviews, is the best protection for the department.
Kj's Opinion
01/23/2019
Application security is one of the most overlooked aspects of testing in software development. Bug bounty programs allow security professionals of various specialties and backgrounds to get rewarded for their work and to do it safely; without an official program, it is very easy for these professionals to get into legal trouble. The findings of freelance security specialists help keep our technology secure, and they should get rewarded for that work.
burrkitty's Opinion
01/21/2019
Spending on cyber security needs to be seriously ramping up. This is a good program that mimics what tech companies do to protect their own systems. Spending wise it’s a grain of sand on the beach. Go to it!

Argument opposed

Bug bounty programs are expensive and cumbersome to maintain. They also aren’t a substitute for internal cybersecurity capacity. Rather than establishing a bug bounty program, the State Dept. should spend its time and money on improving its internal cyber defense capabilities.

Mark's Opinion
01/23/2019
Why not just hire the best and pay them well? Geez, it's just our national security.
dEllett's Opinion
01/23/2019
Not just nay, but hell nay! This is ludicrous! This is another major indictment of our failing government and particularly our current legislature. I find this incredibly incompetent and very distressing. Were this not part of a larger pattern, I would think they were insane, but no, just incredibly incompetent and corrupt. I fully agree with the remarks by “Katie Moussouris, A BUG BOUNTY EXPERT and founder of Luta Security”: “Congress “should be funding an overhaul of internal capabilities” (my exact immediate reaction when I read this bill) Bug bounties should only be used in circumstances where you’ve done your best to find and fix issues yourself, not as a replacement for due diligence and process, and not as a replacement for professional penetration testing.” Considering all the things we waste time and money on, ESPECIALLY NON-GOVERNMENT ISSUES, to fail to address the root problems of a major, wide-ranging and serious issue with the appropriate dedication of time and priority of government resources is a disturbing abdication of their primary responsibilities, even considering their greater precedent and abject failure to address the looming economic catastrophe of Social Security, Medicare and Medicaid. We have witnessed a disturbing trend in both government and the private sector of waiting until a major hack occurs before addressing cybersecurity. Congress pretends to great protest and anger when the private sector does this. Not only do they then fail to do anything of significance, but they then pretend ignorance and anger when our own government exceeds the private sector in the depth and breadth of its data breaches, assuming we are even aware of all the government data breaches.
operaman's Opinion
04/13/2019
Are our cybercrime experts paid a salary to discover cyber vulnerability? So why pay a bonus for them to discover bugs when it’s their job?

Bill Progress


  • Not enacted
    The President has not signed this bill
  • The Senate has not voted
    Senate Committees: Committee on Foreign Relations
  • The House passed January 22nd, 2019
    Roll Call Vote: 377 Yea / 3 Nay
    House Committees: Committee on Foreign Affairs
  • Introduced January 8th, 2019

    Of course we should protect ourselves! And I love the fact that it will be an internal department and not contracted out to some corporation.
    Yes. Our State Department must be cyber secure. And humans must not share state secrets with dictator regimes (Trump and Pompeo are both national security threats).
    Foreign and domestic entities do not need to know where vulnerabilities lie within our net infrastructures. Locate and identify the weaknesses and let the companies know, but don’t put it all out there.
    This is a great place to start. What is really needed is a Government-wide cyber security operation that does its own research and coordinates with all of the other governmental resources.
    Does a cat or dog scratch fleas when they have them? This is a no-brainer. Yes, of course we should have and put into place all measures of security and protections against cyber threats, as well as concrete securities like the wall. Build that wall and save taxpayers money!
    Anything this creep Ted Lieu supports I oppose. This guy is a hateful scumbag.
    Need a NON “gun-slinger” sensational bumper-sticker, thoughtful, FULL-TIME approach to something as SERIOUS as cyber security! ...something THIS president is totally incapable of doing...
    I have a serious problem with our own government not having the expertise or technical understanding to deal with these threats. This seems like a no brainer. Why would we, as a country, not have the best in cybersecurity working for the government on all aspects of cyber threats. This goes back to why we should have a Department of Science and Technology and committees made up of leaders in this industry. We should not be hiring bounty hunters to hunt these people down unless it is in relation to lending assistance in extreme cases. Americans should not feel like their infrastructure is not protected proactively but rather, reacts only when events happen.
    The projected cost is a drop in the bucket! Something needs to be done and as far as I'm concerned more $ needs to be spent on protecting our State Dept. as well as ALL depts. of government, state, local, federal
    Really? Hello enemies... here are our weak doors that you can lock in and get access to our information. And as a bonus we will pay you to steal from us! Win win!! No way should this be made public. If you want to do this, vet teams to do this. Don’t make it public. It could be singular to a hackathon games.
    PROBABLY CAN'T PASS THE SENATE AFTER TRUMP SAID "I LOVE WIKILEAKS" 160 TIMES DURING ONE MONTH OF CAMPAIGNING. CROOKED TRUMP AND THE GOP WON'T STAND FOR TRANSPARENCY AND ACCOUNTABILITY.
    I think that would be helpful.
    As long as this is only used for the State Department internal affairs and cyber attacks... this should in no way affect any citizen besides keeping them safe... I'm beyond hesitant to expand and broaden the scope of government because in some way, shape or form I worry about the power abuse...