The State Dept. has been subject to repeated cyber attacks in recent years, and it doesn’t have the internal capacity and expertise to identify and fix its cyber vulnerabilities. Establishing a bug bounty program will help the State Dept. find its vulnerabilities, so it can address them.
Bug bounty programs are expensive and cumbersome to maintain. They also aren’t a substitute for internal cybersecurity capacity. Rather than establishing a bug bounty program, the State Dept. should spend its time and money on improving its internal cyber defense capabilities.