Agency Readiness for Bug Bounty Programs

A toolkit for enhancing agency preparedness for bug bounty program execution

by Ahmed Amer, Di Cooke, Rob Lever, and Julia Pan

Bug Bounty Programs (BBPs) are an efficient and cost-effective way to improve a system’s security, allowing for scrutiny by a broader array of cybersecurity experts than a typical government agency could normally provide. Yet few agency system stakeholders understand the advantages of BBPs or are prepared to execute BBPs on their own systems. This project outlines how the Cybersecurity and Infrastructure Security Agency (CISA) could scale the use of BBPs across government by helping agencies improve their understanding of BBPs, gauge their own readiness to execute a BBP, and prepare to execute a BBP.

View the One-Pager
View the Information Document
View the Score Guide
View the Scorecard
View the Survey Tool Demo Video