Ethical hacking company HackerOne has achieved authorization for use by federal agencies as the government prepares to create vulnerability disclosure programs for public-facing websites.

HackerOne said in a May 18 announcement that it achieved an authorization, known as tailored low impact-software as a service, through the Federal Risk and Authorization Management Program. FedRAMP is a program inside the General Services Administration that approves cloud tools for use in the federal government.

HackerOne’s authorization is a significant step for the company, as agencies want to create vulnerability disclosure programs for their public-facing websites under a draft mandate released in November 2019 by the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security.

Vulnerability disclosure programs allow ethical hackers to legally probe public-facing websites as long as they report vulnerabilities to the agency for remediation.

HackerOne’s FedRAMP authorization was sponsored by the GSA, which started using the company’s services in 2017 and later awarded it a multiyear contract.

The company’s credentials are also well-established inside the Department of Defense, where it runs a vulnerability disclosure program for the department’s outward-facing websites. So far, more than 12,000 vulnerabilities have been discovered.

It’s also provided several bug bounty programs for the military services, in which ethical hackers search for security gaps in specific service platforms and compete for prizes. The company previously partnered with the Air Force, Army and Marine Corps, as well as other internal DoD components.

“Achieving FedRAMP Tailored LI-SaaS authorization is a testament to HackerOne’s long-standing commitment to ensuring a secure environment for our U.S. government clients,” Lynn Chia, director of federal business at HackerOne, said in a statement. “This authorization underscores the momentum that HackerOne has achieved in the federal government and demonstrates our ability to help make our public sector customers’ digital transformations into security transformations.”

Andrew Eversden covered all things defense technology for C4ISRNET. Beforehand, he reported on federal IT and cybersecurity for Federal Times and Fifth Domain, and worked as a congressional reporting fellow for the Texas Tribune. He was also a Washington intern for the Durango Herald. Andrew is a graduate of American University.
