Close

Federal Agencies Now Allowed to Use HackerOne for Cybersecurity

The ethical hacking company, HackerOne, has been contracted by the DoD since 2017 – it recently received authorization for use across all Federal Agencies-

                Over the past decade, professional hackers have found legitimate jobs through what are known as “vulnerability coordination” and “bug bounty” platforms. These crowd-sourced sites connect cybersecurity researchers-also referred to as “ethical hackers”- with businesses that wish to fix their public websites as to make them less impenetrable by criminal hackers that have more malicious intentions. The largest of these types of companies is HackerOne, a company that originated in 2011. On May 18th of this year, the programs serviced by HackerOne received authorization from The General Service Administration’s (GSA) FedRAMP service, which approves cloud software for use in the Federal Government. Ethical hackers will now be allowed to probe public-facing government websites so long as they disclose all discovered vulnerabilities to the respective agency.

                As of the end of 2019, HackerOne has awarded a total of over $90 million in “bug bounties” across a network of over 700,000 hackers- solving over 160,000 cybersecurity vulnerabilities for 1,800 clients- including the Department of Defense (DoD) since 2017. The community of ethical hackers found roughly 12,000 vulnerabilities in DoD digital services, having partnered with the Air Force, Army, Marine Corps, and other military branches. HackerOne currently has a $2 million, five-year contract with the GSA, which sponsored the FedRAMP approval.

Until Next Time,

**Written by Benjamin Derge, Financial Planner. The information has been obtained from sources considered reliable but we do not guarantee that the foregoing material is accurate or complete. Any opinions are those of Benjamin Derge and not necessarily those of RJFS or Raymond James. Links are being provided for information purposes only. Expressions of opinion are as of this date and are subject to change without notice. Raymond James is not affiliated with and does not endorse, authorize, or sponsor any of the listed websites or their respective sponsors.