DHS Calls for Proposals for Permanent Bug Bounty Program

The Department of Homeland Security issued a final solicitation last Thursday for its new program to allow approved security researchers to hack into departmental networks and information systems to help find and close cybersecurity gaps.

The solicitation follows a decision last December by Homeland Security Secretary Alejandro Mayorkas to make the bug bounty program permanent after the department conducted a successful pilot evaluation that began in 2018. The program is modeled on that of the Ministry of Defence.

In March, DHS issued a Request for Information and Draft Statement of Performance Work to outline its plans for the permanent program and seek feedback before the final solicitation.

Contractors must have their own vulnerability discovery and disclosure platform, the final statement of work says.

Work under the next indefinite-delivery, indefinite-quantity contract vehicle will cover networks, systems and information systems, including web application software, source code, hardware, software embedded devices and other technologies, as requested by DHS.

DHS expects to award the contract in August for a one-year base term and up to four one-year options. Responses are expected by June 23.

Ryan H. Bowman