house Bill H.R. 3868
Should the Treasury Have a “Bug Bounty” Program to Expose & Fix Vulnerabilities in its Computer Systems?
Argument in favor
A bug bounty program would be an effective, secure way to test the vulnerabilities in the Treasury Department’s information systems to ensure taxpayer information is protected.
11/04/2017
I think that we should have a full on Cyber-Security Bureau that should be constantly testing our governments computer systems for weaknesses and exploits.
···
11/04/2017
The United States must get more tech savvy. Fast. The vulnerabilities exhibited by recent revelations by Equifax, Yahoo and seemingly countless others (who should have been protecting their customers but didn’t) should be a cautionary tale for our government. Especially when taken in the context of ongoing investigations into Russia’s interference in our country’s 2016 General Election. We need to close the holes in our country’s cyber security. A bounty system would bring to bear some of our brightest citizens to close these holes.
11/04/2017
With the importance of the security of the treasury, it is vital that our computer systems are as protected as possible. This low cost program is an important step.
Argument opposed
A bug bounty program could expose weaknesses in the Treasury Department’s information systems that aren’t fixed, allowing them to be exploited by real hackers.
11/04/2017
If Congress understood anything about technology they would put their money in more IT Security Development instead of Defense Spending. Russia, China, Iran, and even North Korea spend a fraction of funds on their Defense Spending and run circles around our IT Security. Want to make America great again, invest in our intellectual human capital and less in this 20th Century Groupthink you have going on among your so called ‘conservatives’, which sounds more like remedial governance for high school drop outs.
11/04/2017
This is like spitting into the wind to fix a problem. Too little, too late, and sponsored by a Southern Republican which, sadly, makes me suspicious of intent. The idea sounds stupid frankly. Hiring hackers? Really! How about enough competent staff to prevent the problem? No, this sounds like another catastrophe in the making. While pardoning the banks, corporations, and credit unions for all wrongdoing, hiring hackers to boot is an invitation to further destruction.
11/04/2017
As a former IT/IS person the one thing I always told my clients is that if you want to make sure you are never hacked via the Internet don't connect to it. If someone wants to get into your system they will find a way. And systems can be hacked into directly....not via the Internet. The only way to mitigate it is to make sure all software and hardware vulnerabilities are kept patched and configured securely. Also, proper 24/7 monitoring is needed. Our government needs to have a robust, world-class IT/IS department fully funded, and work closely with software manufacturers to keep up-to-date on vulnerabilities, and out-of-date hardware and software need to be replaced. Also frequent testing of systems are needed. There is no excuse for our government computer systems to be as vulnerable as they are. Having outside white-hat hackers testing government system vulnerabilities gives me pause, as government employees fully-vetted would be better.
I think that we should have a full on Cyber-Security Bureau that should be constantly testing our governments computer systems for weaknesses and exploits.
If Congress understood anything about technology they would put their money in more IT Security Development instead of Defense Spending. Russia, China, Iran, and even North Korea spend a fraction of funds on their Defense Spending and run circles around our IT Security. Want to make America great again, invest in our intellectual human capital and less in this 20th Century Groupthink you have going on among your so called ‘conservatives’, which sounds more like remedial governance for high school drop outs.
This is like spitting into the wind to fix a problem. Too little, too late, and sponsored by a Southern Republican which, sadly, makes me suspicious of intent. The idea sounds stupid frankly. Hiring hackers? Really! How about enough competent staff to prevent the problem? No, this sounds like another catastrophe in the making. While pardoning the banks, corporations, and credit unions for all wrongdoing, hiring hackers to boot is an invitation to further destruction.
As a former IT/IS person the one thing I always told my clients is that if you want to make sure you are never hacked via the Internet don't connect to it. If someone wants to get into your system they will find a way. And systems can be hacked into directly....not via the Internet. The only way to mitigate it is to make sure all software and hardware vulnerabilities are kept patched and configured securely. Also, proper 24/7 monitoring is needed. Our government needs to have a robust, world-class IT/IS department fully funded, and work closely with software manufacturers to keep up-to-date on vulnerabilities, and out-of-date hardware and software need to be replaced. Also frequent testing of systems are needed. There is no excuse for our government computer systems to be as vulnerable as they are. Having outside white-hat hackers testing government system vulnerabilities gives me pause, as government employees fully-vetted would be better.
The United States must get more tech savvy. Fast. The vulnerabilities exhibited by recent revelations by Equifax, Yahoo and seemingly countless others (who should have been protecting their customers but didn’t) should be a cautionary tale for our government. Especially when taken in the context of ongoing investigations into Russia’s interference in our country’s 2016 General Election. We need to close the holes in our country’s cyber security. A bounty system would bring to bear some of our brightest citizens to close these holes.
With the importance of the security of the treasury, it is vital that our computer systems are as protected as possible. This low cost program is an important step.
In the tech industry, programs like this have greatly improved cyber security.
Yes. This system has been effective in finding potential entrances for hackers. Our government must do everything to protect our information.
The Treasury like every business is responsible for the security of their systems, To pay a reward for finding bugs is tantamount to relinquishing their control of the security of their systems. In other words, they are admitting that they have neither the expertise nor experience to police their own system. It’s interesting that securing the nation’s election system is left to chance.
This is a no brainier. People are going to find bugs - we want them to be on our side.
This program seems unnecessary. Why doesn’t the Treasury put in the proper investments to make sure that their systems are secure? Staff at the Treasury should be constantly checking to ensure that their systems are as safe as possible from cyber attacks. Plus, even if you subject the participants of this program to background checks, it’s still an incredibly risky endeavor to allow these people to purposely hack the Treasury.
There are people who would do this for free just to test their hacking skills and the fact that you’re putting this off till 2019 tells me how out of touch you are with the real world.
I think the government should tread lightly on this issue for sure. But be a bit more decisive. Bring in experts. Invest more in Cyber security. But remember to respect Americans’ privacy.
Every local state and federal agency that stores sensitive data should have one. Hospitals should have them. Educational institutions should have them. Crucial infrastructure and utilities should have them. Cyber warfare is here and we have only ourselves to blame if we’re hacked.
This is a common and affective practice in the tech world, why not use it to protect taxpayers information.
Agreed assuming there are no hidden provisions. White hat hackers are an asset and too many in the community have been charged by technically illiterate bureaucrats, destroying lived and ultimately weakening our digital infrastructure.
This is the best way to discover security flaws. Pay well enough and people will find them and save us from future cyber attacks
It can be a stepping stone to better infrastructure and security, but the government has to actually listen to the people first.
Most of these “black hat hackers” would be happy with a gold star and so little money would reap large results.