ACLU Says Feds Should Incentivize Cybersecurity Reporting

In an effort to uncover security flaws in government computer systems – and of course fix those flaws – the American Civil Liberties Union has recommended that federal officials reward people who report those very glitches.

In a Wednesday (May 27) letter addressed to the Department of Commerce Internet Policy Task Force, the ACLU said financial rewards would help security researchers “do the right thing” by alerting the company using the flawed system or even warning the general public. That would help avoid a situation, the ACLU said, in which the researcher would “sell the vulnerability, often to a government, which would then quietly exploit the flaw for its own gain.”

The government should consider taking a page from the private sector, the ACLU recommended.

“In an effort to disrupt this shadowy grey market and to provide some financial reward to researchers who notify the responsible vendor or developers, some leading technology companies have created ‘bug bounty’ programs,” the letter read.

The government has yet to implement any such bounty. Instead, it pays for research that uncovers flaws which agencies themselves can then exploit, rather than remunerating people who alert the responsible developers about weaknesses. The ACLU also recommended that the task force encourage government agencies to explicitly publish each agency’s security team contact information.

“Researchers who discover a serious security flaw in a piece of software or website should not have to spend hours or days searching for the contact information for the information security team at the company or organization responsible for the vulnerable code,” the letter stated.
