HackerOne secures contract with US General Services Administration
The white hat hackers of HackerOne have won a $2 million “bug bounty” contract with the Technology Transformation Service (TTS) of the US General Services Administration, reports David Penn at Finovate.
The firm, which employs ethical hackers to find security vulnerabilities in client websites before the bad guys do, has worked with TTS for a little over a year now. The new contract extends the partnership, providing a base performance period of six months, with an additional nine option periods lasting six months each for a total of five years.
Marten Mickos, CEO of HackerOne, calls the contract “a reminder of the leadership role that the US federal government has taken in vulnerability disclosure”. GSA, in particular, has shown a strong interest in using “bug bounties” – i.e. cash prizes to hackers who discover and report vulnerabilities – and is the first civilian agency to leverage these programs to improve its website security.
“Over the last year, GSA has proved to be one of the fastest government agencies in regards to resolution time,” Mickos says, “resolving vulnerabilities markedly faster than the global average for government bug bounty programmes”.
The contract with GSA comes just over a month after the company announced a deal with the US Department of Defense (DoD) to unleash its squad of white hat hackers on the public-facing websites of the Marine Corps Enterprise Network (MCEN). The Hack the Marine Corps bug bounty challenge in August was the latest iteration of the San Francisco-based company’s work with the DoD. The company has also launched similar campaigns with the Army, the Air Force, and the Defense Travel System over the past two years.
Founded in 2012, HackerOne says it has helped 1,000+ companies and organisations find and fix more than 76,000 cybersecurity vulnerabilities, earning white hat hackers $32 million in bug bounties.