The U.S. government is experimenting with a secure and anonymous portal for reporting software vulnerabilities to encourage closer collaboration with ethical hackers.
The initiative is a recognition of the lingering reluctance that some security researchers have felt in flagging bugs for federal officials, despite a longstanding program run by the Department of Homeland Security.
The project would use SecureDrop, the open-source software that some news organizations rely on for anonymous tips, to accept submissions of vulnerability information. It is aimed at the tinkerers and hackers who, out of fear – whether founded or not – of legal repercussions, do not report the bugs they find.