18F's procurement hack could guide DHS bug bounties

Take a page from the private sector and a page from the General Services Administration's 18F, and you might have the makings of a Department of Homeland Security bug bounty program.

The key could be a micro-purchasing authority through which feds can dodge the painful hiring and acquisition processes.

"We used it for code," said Darryl Peek, a cybersecurity strategist in DHS' Federal Network Resilience Division, of the micro-purchasing authority. "Why can't we use it for bounty?"

Peek was referring to 18F's successful efforts to buy coding work through reverse auctions priced under the $3,500 micro-purchase threshold.

He acknowledged that directly hiring top talent would be preferable to paying outside professionals to detect vulnerabilities. But as antivirus legend John McAfee noted in a scathing Feb. 18 op-ed, government agencies "will not hire anyone with a 24-inch purple mohawk, 10-gauge ear piercings, and a tattooed face who demands to smoke weed while working and won't work for less than a half-million dollars a year." McAfee contends that those kinds of people are often the best tech talent.

For now, a serious conversation between DHS and 18F has yet to take place. "I don't know if it's even going to happen within the next year or so," Peek acknowledged, so a micro-purchase bounty program is just a gleam in his eye. (A DHS spokesman told FCW he didn't believe the department currently had any DHS bounty programs.)

"If there are people who are limited in their ability to [get hired by government], they're currently making money through Facebook, Google, Amazon, through the bounty program," Peek said. And he wants to bring those white-hat hackers into the government's fold.

"Why can't government set up a bounty program?" he asked. "Why can't our systems be just as robust as the Microsofts and the Apples and the Googles?"

About the Author

Zach Noble is a former FCW staff writer.
