This summer, DefCon's "Voting Machine Hacking Village" turned up a host of US election vulnerabilities (PDF). Now, imagine a more mainstream national hacking event backed by the Department of Homeland Security that has the same goal: to discover weaknesses in voting machines used by states for local and national elections.

That might just become a reality if federal legislation (PDF) unveiled Tuesday becomes law. The proposal comes with a safe harbor provision to exempt participants from federal hacking laws. Several federal exemptions for ethical hacking that paved the way for the DefCon hacking village expire next year.

The bipartisan "Securing America's Voting Equipment Act" also would provide election funding to the states and would designate voting systems as critical infrastructure—a designation that would open up communication channels between the federal government and the states to share classified threat information.

"Until we set up a stronger set of protections for our election systems and take the necessary steps to prevent future foreign influence campaigns, our nation's democratic institutions will remain vulnerable," Sen. Martin Heinrich (D-N.M.) told reporters.

The newly proposed bounty program, similar to last year's "Hack the Pentagon" event, would be called the "Cooperative Hack the Election Program." According to the legislation, it would be "an annual competition for hacking in state voting and voter registration systems during periods when such systems are not in use for elections." The bill, also sponsored by Sen. Sue Collins (R-Maine), would provide for unspecified awards "for the discovery of the most significant vulnerabilities," which would then be shared "with the relevant vendors" that manufactured the systems.

"Our bipartisan legislation would assist states in this area by identifying best practices to protect voting equipment and ensuring states have the resources they need to implement those best practices," Collins said.

To qualify for a safe harbor to become exempt from the Computer Fraud and Abuse Act, hackers may not "exploit" discovered vulnerabilities or publicly expose them, according to the legislation. We'll keep you posted if this legislation gets a hearing.