New Project: Agency Readiness for Bug Bounty Programs

We are pleased to share an exciting new project from our inaugural Tech Policy Primer cohort. The project, focused on ‘Agency Readiness for Bug Bounty Programs,’ proposes guidelines for the Cybersecurity and Infrastructure Security Agency (CISA) to scale the use of Bug Bounty Programs (BBPs) across government. The outputs include a BBPs 101 information sheet, a BBP readiness score guide and scorecard, and a BBP Survey Tool demo video.

Read more about the project:

Agency Readiness for Bug Bounty Programs

by Ahmed Amer, Di Cooke, Rob Lever, and Julia Pan

BBPs are an efficient and cost-effective way to improve a system’s security, allowing for scrutiny by a broader array of cybersecurity experts than a typical government agency could normally provide. Yet few agency system stakeholders understand the advantages of BBPs or are prepared to execute BBPs on their own systems. This project outlines how CISA could help agencies improve their understanding of BBPs, gauge their own readiness to execute a BBP, and prepare if they are not yet ready to execute one.
