The General Services Administration‘s Technology Transformation Service has challenged ethical hackers to identify vulnerabilities within the agency’s government website development platform as part of a “bug bounty” program, Nextgov reported Wednesday.Laura Gerhardt, a TTS technical lead, said at FCW’s cybersecurity summit that the organization initially opened the Federalist web tool to a select group of security researchers but did not discover as many vulnerabilities as expected.
The TTS Bug Bounty program was launched in May to offer cash rewards of up to $5,000 to cyber researchers who can spot bugs in TTS-operated web applications.
Gerhardt noted TTS aims to set up bug bounties for other agency tools soon.
She added that federal agencies must have enough personnel to address all reported vulnerabilities if they plan to launch bug bounty initiatives.
GSA awarded HackerOne a contract to deliver a software-as-a-service bug reporting platform and help manage TTS’ bug bounty program.
