US Department of Justice’s Guidance: “Bug Bounty” Programs

    October 2017

    The Department of Justice has issued a framework for establishing safe, sound bug bounty programs. This four-step program was introduced to support good application security practices (as opposed to, e.g., network security) and lays out a framework for organizations to establish a structured program ("Vulnerability Disclosure Program") for managing third parties' discovery of security weaknesses. Read further for a close look at the framework and legal pitfalls to avoid.