S. Hrg. 115-656: Data Security and Bug Bounty Programs: Lessons Learned from the Uber Breach and Security Researchers, Hearing Before the Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security of the Committee on Commerce, Science, and Transportation, United States Senate, One Hundred Fifteenth Congress, Second Session, February 6, 2018 [open pdf - 4MB]
This is the February 6, 2018 hearing on "Data Security and Bug Bounty Programs" held before the Senate Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security. From the opening statement of Jerry Moran: "A bug bounty is a reward offered to someone outside of the company who identifies an error or vulnerability in a computer program or system in connection with the Coordinated Vulnerability Disclosure Program. The Committee plans to examine the value of these innovative programs and other coordinated approaches to identify cyber vulnerabilities and prevent the types of instances that have occurred and, unfortunately, will probably occur in the future." Statements, letters, and materials submitted for the record include those of the following: John Flynn, Marten G. Mickos, Katie Moussouris, and Justin Brookman.
S. Hrg. 115-656; Senate Hearing 115-656
Government Publishing Office: http://www.gpo.gov/