Public Law 115-390: Strengthening and Enhancing Cyber-Capabilities by Utilizing Risk Exposure Technology Act [open pdf - 343KB]
From the Document: "An Act [t]o require the Secretary of Homeland Security to establish a security vulnerability disclosure policy, to establish a bug bounty program for the Department of Homeland Security, to amend title 41, United States Code, to provide for Federal acquisition supply chain security, and for other purposes."
Public Law 115-390; P.L. 115-390; H.R. 7327
Government Publishing Office: http://www.gpo.gov/