Bill SponsorBILLSPONSOR
Bill Sponsor
Politicians
Bills
Senate Bill 1281
115th Congress(2017-2018)
Hack the Department of Homeland Security Act of 2018
Active
Amendments
Active
Passed Senate on Apr 17, 2018
Overview
Text
Not Scanned for Linkage
About Linkage
Multiple bills can contain the same text. This could be an identical bill in the opposite chamber or a smaller bill with a section embedded in a larger bill.
Bill Sponsor regularly scans bill texts to find sections that are contained in other bill texts. When a matching section is found, the bills containing that section can be viewed by clicking "View Bills" within the bill text section.
Bill Sponsor is currently only finding exact word-for-word section matches. In a future release, partial matches will be included.
Not Scanned for Linkage
About Linkage
Multiple bills can contain the same text. This could be an identical bill in the opposite chamber or a smaller bill with a section embedded in a larger bill.
Bill Sponsor regularly scans bill texts to find sections that are contained in other bill texts. When a matching section is found, the bills containing that section can be viewed by clicking "View Bills" within the bill text section.
Bill Sponsor is currently only finding exact word-for-word section matches. In a future release, partial matches will be included.
Jump To
S. 1281 (Introduced-in-Senate)


115th CONGRESS
1st Session
S. 1281


To establish a bug bounty pilot program within the Department of Homeland Security, and for other purposes.

IN THE SENATE OF THE UNITED STATES

May 25, 2017

Ms. Hassan (for herself, Mr. Portman, Mrs. McCaskill, and Ms. Harris) introduced the following bill; which was read twice and referred to the Committee on Homeland Security and Governmental Affairs

A BILL

To establish a bug bounty pilot program within the Department of Homeland Security, and for other purposes.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. Short title.

This Act may be cited as the “Hack the Department of Homeland Security Act of 2017” or the “Hack DHS Act”.

SEC. 2. Department of Homeland Security Bug Bounty Pilot Program.

(a) Definitions.—In this section:

(1) BUG BOUNTY PROGRAM.—The term “bug bounty program” means a program under which an approved computer security specialist or security researcher is temporarily authorized to identify and report vulnerabilities within the information system of the Department in exchange for cash payment.

(2) DEPARTMENT.—The term “Department” means the Department of Homeland Security.

(3) INFORMATION SYSTEM.—The term “information system” has the meaning given the term in section 3502 of title 44, United States Code.

(4) PILOT PROGRAM.—The term “pilot program” means the bug bounty pilot program required to be established under subsection (b)(1).

(5) SECRETARY.—The term “Secretary” means the Secretary of Homeland Security.

(b) Establishment of pilot program.—

(1) IN GENERAL.—Not later than 180 days after the date of enactment of this Act, the Secretary shall establish a bug bounty pilot program to minimize vulnerabilities to the information systems of the Department.

(2) REQUIREMENTS.—In establishing the pilot program, the Secretary shall—

(A) provide monetary compensation for reports of previously unidentified security vulnerabilities within the websites, applications, and other information systems of the Department that are accessible to the public;

(B) develop an expeditious process by which computer security researchers can register with the Department, submit to a background check as determined by the Department, and receive a determination as to approval for participation in the pilot program;

(C) designate mission-critical operations within the Department that should be excluded from the pilot program;

(D) consult with the Attorney General on how to ensure that computer security specialists and security researchers who participate in the pilot program are protected from prosecution under section 1030 of title 18, United States Code, and similar provisions of law for specific activities authorized under the pilot program;

(E) consult with the relevant offices at the Department of Defense that were responsible for launching the 2016 “Hack the Pentagon” pilot program and subsequent Department of Defense bug bounty programs;

(F) award competitive contracts as necessary to manage the pilot program and for executing the remediation of vulnerabilities identified as a consequence of the pilot program; and

(G) engage interested persons, including commercial sector representatives, about the structure of the pilot program as constructive and to the extent practicable.

(c) Report.—Not later than 90 days after the date on which the pilot program is completed, the Secretary of Homeland Security shall submit to the Committee on Homeland Security and Governmental Affairs of the Senate and the Committee on Homeland Security of the House of Representatives a report on the pilot program, which shall include—

(1) the number of computer security researchers involved in the pilot program, broken down by the number of computer security researchers who—

(A) registered;

(B) were approved;

(C) submitted security vulnerabilities; and

(D) received monetary compensation;

(2) the number and severity of previously unidentified vulnerabilities reported as part of the pilot program;

(3) the number of previously unidentified security vulnerabilities remediated as a result of the pilot program;

(4) the average length of time between the reporting of security vulnerabilities and remediation of the vulnerabilities;

(5) the average amount of monetary compensation paid per unique vulnerability submitted under the pilot program and the total amount of monetary compensation paid to computer security researchers under the pilot program; and

(6) the lessons learned from the pilot program.

(d) Authorization of appropriations.—There are authorized to be appropriated to the Department $250,000 for fiscal year 2018 to carry out this Act.