HackerOne, a leading hacker-powered security platform, has announced that the General Services Administration’s (GSA) Technology Transformation Service (TTS) has awarded the company a multi-year contract to run a bug bounty programme.
GSA was the first federal civilian agency to engage in a bug bounty programme and continues its momentum with this latest bug bounty contract.
This news comes after 18F’s successful execution of a 2017 bug bounty and vulnerability disclosure programme (VDP) with HackerOne.
Through the programme, 18F awarded bounties to ethical hackers for reporting security vulnerabilities found in public-facing digital systems. The VDP also provided an official channel for ethical hackers to safely disclose vulnerabilities in a wider range of TTS assets, including login.gov, data.gov, cloud.gov and vote.gov.
After competing in an open market bidding process, TTS awarded the contract to HackerOne in September 2018. The period of performance will extend for up to five years. Once the new programme begins, TTS will offer hackers financial awards for safely reporting security issues directly to the system owner.
“The Technology Transformation Service bug bounty programme with HackerOne is yet another reminder of the leadership role that the US federal government has taken in vulnerability disclosure,” said Marten Mickos, CEO, HackerOne.
“Over the last year, GSA has proved to be one of the fastest government agencies in regards to resolution time, resolving vulnerabilities markedly faster than the global average for government bug bounty programmes. GSA’s commitment to resolving vulnerabilities quickly benefits all US citizens and is something that HackerOne is proud to be a part of.”
At a time when nearly every organisation faces challenges related to scaling cybersecurity resources and workforce, hacker-powered security programmes have become a best practice across the private and public sector. In June 2018, Gartner reported that crowdsourced security testing is rapidly approaching critical mass and ongoing adoption and uptake by buyers is expected to be rapid.
The government sector continues to lead the way with adoption globally, with a 125% increase in programmes year over year, including the European Commission and the Ministry of Defence Singapore, joining GSA’s TTS and the DoD on HackerOne.
HackerOne and the US Department of Defense’s Defense Digital Service (DDS) pioneered the first ever federal bug bounty programme in 2016, Hack the Pentagon. The DoD and HackerOne have successfully executed six bug bounty challenges as part of a multi-year contract: Hack the Pentagon, Hack the Army, Hack the Air Force, Hack the DTS, Hack the Air Force 2 and Hack the Marine Corps (results coming soon).
The DoD also partners with HackerOne for its ongoing VDP. Since the launch of Hack the Pentagon, more than 5,000 valid vulnerabilities have been reported in government systems.
Proposed legislation such as the Hack the Department of Homeland Security Act and the Department of Justice Vulnerability Disclosure Framework, together with statements by Singapore’s Deputy Prime Minister Teo Chee Hean, further demonstrate public sector support for hacker-powered security.
To report a security vulnerability to GSA please visit: https://hackerone.com/tts.