Tech

The Technology Transformation Service’s bug bounty is a civilian agency first

GSA is looking for outside hackers to test the Federalist web publishing service for any and all vulnerabilities.

September 6, 2017

(Getty Images)

Over the past two weeks, hackers have been welcome to probe the 18F-built Federalist website publishing service, and so far the government has paid out $1,400 for their efforts.

It’s the first time a civilian agency has used a bug bounty platform to let members of the general public find website vulnerabilities. The program, which began Aug. 25, is part of a broader effort by the General Service Administration’s Technology Transformation Service to draw upon outside expertise to increase the security of a variety of services. Bug bounty platform HackerOne, which has handled similar projects for the military, is managing the effort.

Although TTS has plans to expand the bug bounty, Federalist is getting all the attention for now. (It has no relationship to the media site The Federalist.)

Federalist’s domain and its source code are currently the only TTS projects in the scope of the competition, but organizers plan to introduce additional targets “at regular intervals,” HackerOne’s program page says, including parts of login.gov, data.gov, vote.gov and more.

TTS is offering “competitive” bounties for vulnerabilities — $150 for the lowest level and up to $2,000 for critical level.

The military pioneered this kind of program in government. In April 2016 the Department of Defense launched Hack the Pentagon, the first federal bug bounty program. The pilot was quickly expanded to include Hack the Army and Hack the Air Force.

TTS isn’t just looking for help with Federalist’s code. It’s also hoping to use this initial bug bounty program to take constructive criticism about how to improve the overall process.

“As the first program of its kind, we expect to evolve its structure over time and welcome feedback on areas for improvement,” the HackerOne description reads.

The Technology Transformation Service’s bug bounty is a civilian agency first

More Like This

ICE pursuing privacy approvals related to controversial phone location data

House Modernization panel advances bill to improve CRS’s data access in first-ever markup

Federal CIO calls on Congress to fund Technology Modernization Fund

Top Stories

State Department encouraging workers to use ChatGPT

GSA administrator: Generative AI tools will be ‘a giant help’ for government services

Congressional panel outlines five guardrails for AI use in House

With 2023 tax season in the rearview, IRS commissioner eyes expansion of AI capabilities

CMS’s financial office is using LLM pilot to combat loss of institutional knowledge

Top public sector takeaways from Google Cloud Next 2024

Commerce requests information about AI, open data assets, data dissemination

More Scoops

Ex-White House adviser to oversee cloud strategy for GSA’s Technology Transformation Services

GSA names new Technology Transformation Services deputy director

Biden administration names Ann Lewis director of GSA’s Technology Transformation Services

GSA’s Zvenyach: US Digital Corps technologists are already transforming government services

Ongoing bug-bounty pilot pinpoints many vulnerabilities in DOD’s cyberspace

DOD expands vulnerability disclosure program to contracting base in pilot

GSA’s 5-year plan prioritizes digital government

Latest Podcasts

The Technology Transformation Service’s bug bounty is a civilian agency first

AI Week 2024 has Come and Gone

Darryl Peek on Elastic’s role in enhancing public sector search and data analytics with AI and Google collaboration

Danny Werfel on How Automation has Enhanced his Agency’s Operations.

Tech

Defense

Cyber

Acquisition