This bill would establish a “bug bounty” pilot program within the Treasury Department in which vetted computer professionals could apply to “hack” and try to penetrate weaknesses in the Treasury’s servers in exchange for a cash payment. Participants would be chosen through an application process and subjected to a background check, and would be protected from prosecution for carrying out authorized activities in the bug bounty program. A total of $100,000 would be authorized for fiscal year 2019 to carry out the program.
The Secretary of the Treasury would be required to designate mission critical operations that should be excluded from the bug bounty program, and develop it in consultation with Dept. of Defense offices that put together the “Hack the Pentagon” program in 2016.
The program would be established within 180 days of the bill’s enactment, and 90 days after the bug bounty program is completed the Treasury would have to submit a report on its effectiveness to relevant congressional committees.