DHS marks expansion of bug bounty efforts with impending contract awards

The Department of Homeland Security is planning to award up to four contracts as early as next month for vetted security researchers to find software bugs in DHS systems, including at live hacking events. DHS released the “Hack DHS: Crowdsourced Vulnerability Assessment Services” request for proposals Aug. 3. Companies have until Aug. 15 to submit “phase one” proposals so DHS can complete an “advisory down-select.” Companies that get through the first phase will have until Aug. 30 to submit phase-two proposals, which includes technical approach, past performance and price documentation.