State department bug bounty gets rare thumbs up

Dead bee with dollar signs floating above it
Illustration: Sam Jayne/Axios

Congress has struggled so far to write bug bounty legislation — which incentivizes independent testing of federal security — that the small handful of thought leaders in the field can embrace. But the new State Department bounty bill might pass muster, according to Casey Ellis, founder and chief technology officer of the bug bounty firm Bug Crowd.

Why it matters: While the programs are increasingly considered part of a well-balanced security diet, they are easier to get wrong than right.