Agency Readiness for Bug Bounty Programs
A toolkit for enhancing agency preparedness for bug bounty program execution
by Ahmed Amer, Di Cooke, Rob Lever, and Julia Pan
Bug Bounty Programs (BBPs) are an efficient and cost-effective way to improve a system’s security, allowing for scrutiny by a broader array of cybersecurity experts than a typical government agency could normally provide. Yet, few agency system stakeholders understand the advantages of BBPs or are prepared to execute BBPs on their own systems. This project outlines how the Cybersecurity and Infrastructure Security Agency (CISA) could scale the use of BBPs across government by helping agencies: improve their understanding of BBPs; gauge their specific agency’s readiness to execute a BBP; and prepare to execute a BBP.