"The Justice Department wants to help you run a vulnerability disclosure program"
The U.S. Department of Justice has released guidelines to help those that are interested in legally developing their own bug bounties, also known as software vulnerability disclosure programs. Organizations may use these guidelines to help them create bug bounty programs, which they can use to collect private information about vulnerabilities found within their system or products from independent researchers that have been invited to probe them. The new framework aims to help interested parties participate in such programs by alleviating concerns pertaining to the violation of the Computer Fraud and Abuse Act (CFAA). This article further discusses what the guidelines consist of.
CyberScoop reports "The Justice Department wants to help you run a vulnerability disclosure program"