House Bill H.R. 328

Should the State Dept. Have a Bug Bounty Program to Root Out Cyber Vulnerabilities?

Argument in favor

The State Dept. has been subject to repeated cyber attacks in recent years, and it doesn’t have the internal capacity and expertise to identify and fix its cyber vulnerabilities. Establishing a bug bounty program will help the State Dept. find its vulnerabilities, so it can address them.

01/21/2019
I approve of this bill if in addition to the bug bounty program, a comprehensive investigation and overhaul of the overall cyber security program at State is conducted at the same time. There is a tendency for stop-gap measures like a bug bounty to become entrenched and relied upon because they can be manipulated by political forces. A full investigation, followed by ongoing routine comprehensive reviews, is the best protection for the department.
Like (91)
Kj's Opinion
01/23/2019
Application security is one of the most overlooked aspects of testing in software development. Bug bounty programs allow security professionals of various specialties and backgrounds to get rewarded for their work and to do it safely—without an official program, it is very easy for these professionals to get into legal trouble. The findings of freelance security specialists help keep our technology secure, and they should get rewarded for that work.
Like (49)
burrkitty's Opinion
01/21/2019
Spending on cyber security needs to be seriously ramping up. This is a good program that mimics what tech companies do to protect their own systems. Spending-wise it’s a grain of sand on the beach. Go to it!
Like (37)

Argument opposed

Bug bounty programs are expensive and cumbersome to maintain. They also aren’t a substitute for internal cybersecurity capacity. Rather than establishing a bug bounty program, the State Dept. should spend its time and money on improving its internal cyber defense capabilities.

Mark's Opinion
01/23/2019
Why not just hire the best and pay them well? Geez, it's just our national security.
Like (39)
dEllett's Opinion
01/23/2019
Not just nay, but hell nay! This is ludicrous! This is another major indictment of our failing government and particularly our current legislature. I find this incredibly incompetent and very distressing. Were this not part of a larger pattern, I would think they were insane, but no, just incredibly incompetent and corrupt. I fully agree with the remarks by “Katie Moussouris, A BUG BOUNTY EXPERT and founder of Luta Security”: Congress “should be funding an overhaul of internal capabilities” (my exact immediate reaction when I read this bill). “Bug bounties should only be used in circumstances where you’ve done your best to find and fix issues yourself, not as a replacement for due diligence and process, and not as a replacement for professional penetration testing.” Considering all the things we waste time and money on, ESPECIALLY NON-GOVERNMENT ISSUES, to fail to address the root problems of a major, wide-ranging and serious issue with the appropriate dedication of time and priority of government resources is a disturbing abdication of their primary responsibilities, even considering their greater precedent and abject failure to address the looming economic catastrophe of Social Security, Medicare and Medicaid. We have witnessed a disturbing trend in both government and the private sector of waiting until a major hack occurs before addressing cybersecurity. Congress pretends to great protest and anger when the private sector does this. Not only do they then fail to do anything of significance, but they then pretend ignorance and anger when our own government exceeds the private sector in the depth and breadth of its data breaches, assuming we are even aware of all the government data breaches.
Like (17)
operaman's Opinion
04/13/2019
Are our cybercrime experts paid a salary to discover cyber vulnerability? So why pay a bonus for them to discover bugs when it’s their job?
Like (12)

Bill Progress

  • Not enacted
    The President has not signed this bill
  • The Senate has not voted
      Senate Committees
      Committee on Foreign Relations
  • The House passed January 22nd, 2019
    Roll Call Vote 377 Yea / 3 Nay
      House Committees
      Committee on Foreign Affairs
  • Introduced January 8th, 2019

    I don't know ANYTHING about computers or hacking... And I worked for the DOD. Embarrassed.
    Like (2)
    As long as this is only used for the state department internal affairs and cyber attacks...this should in no way affect any citizen besides keeping them safe....I'm beyond hesitant to expand and broaden the scope of government because in some way shape or form I worry about the power abuse...
    Like (2)
    This seems a simple yes unless there is something I am completely missing. Why wouldn't we have cyber security in place?
    Like (2)
    This would be a great way for the federal employees to write code and send their friends the information so they can split the bounties. And if you don’t think that’s going to happen, consider the rest of the administration.
    Like (2)
    We must implement ASAP
    Like (2)
    I think that would be helpful.
    Like (2)
    When I worked at the Pentagon the Cyber Security team worked adjacent to the help center where I filled in on holidays and weekends. The guy that ran it smoked also and we would go to the courtyard and smoke occasionally. At the time his team was fighting off constant attempts and hacks from China but he indicated to me that they saw it as an opportunity to review weak points and strengthen the systems. This program sounds like it would be a good way to do similar work at the State Department and 500,000 over five years doesn't seem like a lot. I read that it passed. Congrats to the Congressman.
    Like (2)
    Well, well, Brian Mast (FL-18) finally voted on something in the House. Will wonders never cease! He got re-elected but to curry favor with Trump and McConnell he's not voted on ANY bills to fund the government. For shame! Instead, he picks this harmless little bobble so people think he's actually at "work".
    Like (2)
    Budgeting $500k over a 5 year period is a minor amount of money for a very serious known threat. It's a start that should be followed up with a broader internal cyber security program. This is the world we live in, and we know bad actors are out there. My only complaint is that Cheeto Twittler and his side kick Mitch will probably block it.
    Like (2)
    The State Dept. has been subject to repeated cyber attacks in recent years, and it doesn’t have the internal capacity and expertise to identify and fix its cyber vulnerabilities. Establishing a bug bounty program will help the State Dept. find its vulnerabilities, so it can address them.
    Like (2)
    Imperative for whole government
    Like (2)
    Anything that can be done to seriously improve our cyber security should be welcome. I know someone who does this for a living and it’s definitely a benefit for his company. The bug bounty should be in addition to an ongoing cyber security program. It cannot be a replacement for it.
    Like (2)
    Sounds like a good plan.
    Like (1)
    This is just common sense. We are in a CyberWar with several countries 24/7/365. A bounty of several million dollars should be set aside to incentivize our most competent coders to help the Treasury protect itself from all enemies foreign and domestic.
    Like (1)
    Bug bounty programs allow for security researchers to legally find and report security vulnerabilities in the environment. These vulnerabilities are already present and any external entity can find them including hostile entities. Allowing security researchers to find and report these would help keep the systems more secure.
    Like (1)
    Bug bounties have proven very effective in private network security. Rewarding private citizens who actively seek to better our cyber security is a good idea.
    Like (1)
    Yes.
    Like (1)
    Hire people who will create and maintain our cyber security. Bug bounties only make sense as a way to detect vulnerabilities in existing systems.
    Like (1)
    This is a solid idea of harnessing our best and brightest security personnel to identify and fix critical issues in our diplomatic efforts.
    Like (1)
    Trump has cut back on Cyber security by a great deal of money. We need all the security we can get to add onto our national security. End the Republican party. They will continue to run us blind until America becomes a third world country. Their armed forces should not be able to beat back the American people. We must rise and protect the Constitution as is our duty as Americans amongst others. We have to rise now to get rid of our twisted government.
    Like (1)