US Senators Propose Bug Bounties For Hacking Homeland Security (cnn.com) 15
An anonymous reader quotes CNN: U.S. senators want people to hack the Department of Homeland Security. On Thursday, Senators Maggie Hassan, a Democrat and Republican Rob Portman introduced the Hack DHS Act to establish a federal bug bounty program in the DHS... It would be modeled off the Department of Defense efforts, including Hack the Pentagon, the first program of its kind in the federal government. Launched a year ago, Hack the Pentagon paved the way for more recent bug bounty events including Hack the Army and Hack the Air Force...
The Hack the DHS Act establishes a framework for bug bounties, including establishing "mission-critical" systems that aren't allowed to be hacked, and making sure researchers who find bugs in DHS don't get prosecuted under the Computer Fraud and Abuse Act. "It's better to find vulnerabilities through someone you have engaged with and vetted," said Jeff Greene, the director of government affairs and policy at security firm Symantec. "In an era of constrained budgets, it's a cost-effective way of identifying vulnerabilities"... If passed, it would be among the first non-military bug bounty programs in the public sector.
Hmmm. Yes... Nope, not biting. No way. Not a chance.
C'mon. You know you want to. This sounds like fun.
If you get any credible proof you've succeeded, you're still going to Gitmo for the rest of your life.
Of course not! When you succeed hacking the DHS:
- If you didn’t get caught, you sell your data to Russia as usual for a rather large reward.
- If you did get caught, you explain that this was for the bug hunt and submit your findings to the DHS for a much smaller reward.
Sure, some mysterious government organization starts a hacking contest. Then, if you win, Samaritan has you killed.
Nice try!
This program, if implemented (snowball's chance in hell), will be answered by no one of merit. The government has been making enemies of these people it now needs for decades. This really seems like a desperate attempt to detour around several of the government's long standing and self-defeating policies.
Time and money heals all wounds. There is a whole generation out there that are barely aware of the past abuses of power the government has committed against hackers because most of the bad stuff happened before they were even born. Your view on the matter may only apply to old grognard hackers and sociopolitical hackers. Young, skilled and looking for cash will be the demographic of future hackers.