Higher Ground Labs, in partnership with Trestle Collaborative and Zinc Collective, is excited to announce The Good Catch — a security bug bounty program for 2022 campaigns, and we want YOU to join the effort!
In recent years, security has been top of mind for political campaigns. We’ve seen a number of targeted exploits and hacks used to shift and control the narrative to harm Democratic campaigns. In 2020, Higher Ground Labs ran a private bug bounty program that was deemed highly successful in identifying potential exploits in tools used by these campaigns. We’re excited to be continuing this program for the 2022 midterm election cycle.
This time, we are expanding the program and are actively recruiting engineers and security researchers to join the 2022 bug bounty program. Help us assess tools and report vulnerabilities to earn ‘bounties’. (Participants are paid out for every new, validated vulnerability they discover and report.) This is a great opportunity to help keep our political tech ecosystem as secure as possible, and earn some extra cash in the process!
What is a bug bounty program?
A bug bounty program is a way to crowdsource and incentivize security researchers to find as many vulnerabilities as they can, and get paid out for what they find.
Ensuring safety and security is a never-ending endeavor. The teams behind the best software tools are never certain their tools are safe, and so they typically seek out ethical security researchers who intentionally attempt to breach their systems, then document and disclose vulnerabilities in exchange for ‘bounties,’ agreed-upon cash rewards from the software provider.
Bug bounty programs are very popular at large and small companies alike and have even been run by the Defense Department. Many large companies are transparent about the programs they run to award bounties.
Here are some examples:
- The Defense Department has paid out over 22,000 bounties
- GitHub Bug Bounty Program
- Twitter Bug Bounty Program
- Apple Security Bounty Program
- Verizon Media/Yahoo Bug Bounty Program
- Intel Bug Bounty Program
Introducing: The Good Catch
In order to ensure Democratic campaigns are secure this cycle, we must ensure the tools organizers and staff use are safe. To do this, we’re sponsoring this bug bounty program for critical vendors of political and progressive technology.
Our first cohort of movement tech tools that you’ll help secure are:
- Community Tech Alliance
- Empower Project
And we plan to onboard more companies to the program soon!
How you can help!
We need your help to secure our vital technical infrastructure. We are actively recruiting engineers and security researchers to assess these tools and report vulnerabilities you find in June and July 2022. We will be inviting vetted researchers to join The Good Catch program. If accepted, you’ll be paid out anywhere from $50 to $1,500 (based on severity) for every new, validated vulnerability you discover and report.
If you’re interested in participating as a researcher, sign up here right away! We’ll vet each applicant to ensure you are joining this program for the right reasons (i.e. to help secure Democratic infrastructure) and then bring you into the program!
What to expect:
Signing up is easy: just fill out this short form. From there, the organizers will vet you within a few days. Once approved, vetted technologists will join a community Slack channel and participate in a training session on how the bug bounty program and platform work. You’ll be approved to access our program in Federacy, a platform designed specifically for running targeted bug bounty investigation assignments, bug reporting, and bounty payments. We’re excited to get to know all the participants and have some fun in the process.
About the Organizers
Trestle Collaborative is a team of technologists — engineers, designers, product managers — who work with those who build and use technology for organizing, electoral campaigns and movement building to ensure they are getting the most possible impact from their technology investments.
Zinc Collective drives persistent Democratic majorities by investing in technology and talent that power our movement. We operate two main programs, DigiDems and Blue Leadership Collaborative, and incubate new tech programs with our partners in the space.
Higher Ground Labs is an incubator and accelerator for political tech start-ups that support Democratic campaigns and organizations. We provide capital, programming, and mentorship to talented early-stage companies and connect the creators and users of innovative political tech.