Illustration: Sam Jayne/Axios

Congress has struggled so far to write bug bounty legislation — which incentivizes independent testing of federal security — that the small handful of thought leaders in the field can embrace. But the new State Department bounty bill might pass muster, according to Casey Ellis, founder and chief technology officer of the bug bounty firm Bugcrowd.

Why it matters: While the programs are increasingly considered part of a well-balanced security diet, they are easier to get wrong than right.

The Hack Your State Department Act, which just passed the House Foreign Affairs Committee, requires State to offer a bug bounty — a reward program that pays independent researchers who report security flaws in public-facing infrastructure.

Bug bounties take work: The most successful federal bug bounty programs have been those run by the Department of Defense, which made it look easy. Too easy.

  • Before a bug bounty program takes flight, a lot of things need to happen: Agencies need to restructure staff to be able to patch the influx of new bugs, create legal waivers to prevent good guys from being arrested for bad-guy hacking, and address all outstanding bugs to make room for the new ones coming.
  • "The problem with past bills is they saw Hack the Pentagon, that didn't take much time after being announced to launch, and told agencies to establish programs within 90 days," said Ellis.
  • But while the public didn't find out about Hack the Pentagon until late in the process, the Pentagon devoted two years to it before going public.
  • Hack Your State Department, introduced by Reps. Teds Lieu and Yoho (D-Calif. and R-Fla.), would give State a full year to set up the program, including a preparatory period where the department would accept and patch bugs but offer no reward.
