[Page H1877]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




                  HACK THE PENTAGON BUG BOUNTY PROGRAM

  (Mr. LANGEVIN asked and was given permission to address the House for 
1 minute and to revise and extend his remarks.)
  Mr. LANGEVIN. Mr. Speaker, on Monday, the Department of Defense 
kicked off the first bug bounty program in the history of the Federal 
Government. Like similar programs used in industry, Hack the Pentagon 
is based on a coordinated vulnerability disclosure process. If a 
security researcher finds a security problem in public-facing Web sites 
that are operated by the DOD, he or she can submit it for review. 
Should the bug represent a security risk, the Department will then pay 
the researcher a bounty for his or her work.
  Coordinated vulnerability programs allow us to crowdsource security, 
encouraging curious minds to share their discoveries responsibly while 
providing accountability for institutions that operate or develop 
software.
  I congratulate Secretary Carter for his leadership in creating this 
program, and I hope other agencies consider adopting programs like this 
of their own.
  Mr. Speaker, I encourage any hackers out there to check out Hack the 
Pentagon site and help make the pilot program a success.

                          ____________________