Updated: Nov 14, 2022
The Chief Digital and Artificial Intelligence Office’s Directorate of Digital Services (“DDS”) is seeking innovative solutions related to the execution of a bug bounty program, aka crowdsourced vulnerability discovery, targeting classified systems within the Department of Defense (DoD).
DDS is seeking information to extend its current bug bounty operations for the DoD into the classified space; that is, to conduct bounties on classified information systems. Such systems could include traditional IT elements such as IP-based networks, computing systems, and applications, but also Operational Technology (OT) elements including various ICS/SCADA components and operational platforms.
We want to understand industry capabilities and interests in applying the commercial bug bounty model into the classified space, and discuss the additional challenges and constraints involved in developing such a capability. This may involve novel business models, use of technology and personnel, and potentially policy modifications.