The firm, which employs ethical hackers to find security vulnerabilities in client websites before the bad guys do, has worked with the TTS for a little over a year now. The new contract extends the partnership, providing a base performance period of six months, with an additional nine option periods lasting six months each for a total of five years.
Marten Mickos, CEO of HackerOne, called the contract “a reminder of the leadership role that the U.S. federal government has taken in vulnerability disclosure.” The GSA in particular has shown a strong interest in using bug bounties – i.e., cash prizes to hackers who discover and report vulnerabilities – and is the first civilian agency to leverage these programs to improve its website security.
“Over the last year, GSA has proved to be one of the fastest government agencies in regards to resolution time,” Mickos said, “resolving vulnerabilities markedly faster than the global average for government bug bounty programs.”
The contract with the GSA comes just over a month after the company announced inking a deal with the U.S. Department of Defense to unleash its squad of white hat hackers on the public-facing websites of the Marine Corps Enterprise Network (MCEN). The Hack the Marine Corps bug bounty challenge in August was the latest iteration of the San Francisco, California-based company’s work with the DoD, having also launched similar campaigns with the Army, the Air Force, and the Defense Travel System over the past two years.
Founded in 2012, HackerOne presented Tapping Hackers to Improve Security at our developers conference, FinDEVr London, last summer. The presentation discussed how external, white hat hackers can help companies uncover cybersecurity flaws, and how they can move toward more comprehensive vulnerability disclosure programs.
Since inception, HackerOne has helped 1,000+ companies and organizations find and fix more than 76,000 cybersecurity vulnerabilities, earning white hat hackers $32 million in bug bounties.