SAN FRANCISCO--(BUSINESS WIRE)--HackerOne, the global leader in hacker-powered security, today announced that it has achieved Federal Risk and Authorization Management Program (FedRAMP) In Process status for Tailored Low impact - Software as a Service (Li-SaaS), a milestone that extends the company's ability to serve U.S. federal agencies.
FedRAMP is considered the gold standard for security certifications and is widely recognized as one of the most demanding security regulations. FedRAMP In Process status signifies the addition of HackerOne’s full suite of hacker-powered security solutions, including Bug Bounty, Vulnerability Disclosure and Compliance solutions, to the FedRAMP marketplace — a menu of certified solutions for government organizations. HackerOne is expected to achieve FedRAMP Authorized status by 2020.
“HackerOne is extremely proud to take the first step in being recognized by the FedRAMP program and its mission to standardize security in the public sector,” said Matt Bianco, Director of Federal at HackerOne. “This milestone demonstrates the unique approach HackerOne is taking to assist the federal government in securing their systems. By meeting FedRAMP’s rigorous security standards, any federal agency will soon be able to seamlessly implement crowdsourced security solutions from HackerOne.”
FedRAMP ensures a more streamlined procurement process by standardizing security requirements across all federal agencies as opposed to having different security requirements for different agencies. This allows federal agencies to quickly adopt new technologies that meet various levels of certification. All FedRAMP Authorized, In Process, and Ready certified solutions are listed on the marketplace.
HackerOne has worked with the U.S. Federal Government since 2016, starting with the first crowdsourced security initiative “Hack the Pentagon.” With the success of the initiative, HackerOne has operated several bug bounty challenges for the DoD, including Hack the Army, Hack the Air Force, Hack the Air Force 2.0, Hack the Air Force 3.0, Hack the Defense Travel System, and Hack the Marine Corps. DoD also runs an ongoing Vulnerability Disclosure Program (VDP) with HackerOne, providing a legal avenue for security researchers to disclose vulnerabilities in any DoD public-facing system. More than 5,000 valid vulnerabilities have been reported as a result.
In 2018, following the successful execution of a 2017 bug bounty and VDP with HackerOne, the General Services Administration’s (GSA) Technology Transformation Service (TTS) awarded HackerOne a multi-year bug bounty contract. GSA was the first federal civilian agency to engage in a bug bounty program and continues to do so today.
Over 1,300 customers worldwide rely on HackerOne and its community of hackers to find critical security weaknesses before they can be exploited. Alibaba, Google, General Motors, Goldman Sachs, Hyatt Hotels, Lufthansa Airlines, Microsoft, Nintendo, Starbucks, Shopify, PayPal, Priceline, Qualcomm, Verizon Media, and global government agencies including MINDEF Singapore, GovTech Singapore, the European Commission, and the U.K. National Cyber Security Centre (NCSC) all work with HackerOne to detect unknown security vulnerabilities.
“We're proud to partner and achieve the FedRAMP In Process milestone as this is one of the most stringent product quality and cybersecurity certifications for IT and SaaS vendors in both the private and public sectors,” said Scott McCormick, Head of Security Compliance at HackerOne. “We plan to complete the final stages of the FedRAMP process this year and look forward to continuing our work with public sector organizations to improve the health and security of their online infrastructure through bug bounty solutions.”
For more information on how HackerOne works with federal agencies, visit the following resources:
- Hack the Pentagon bug bounty program
- Hacker-powered Pen Tests at the U.S. Federal Government
- U.S. Department of Defense Challenge
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be exploited. More Fortune 500 and Forbes Global 1000 companies trust HackerOne than any other hacker-powered security alternative. The U.S. Department of Defense, General Motors, Google, Twitter, GitHub, Nintendo, Lufthansa, MINDEF Singapore, Panasonic Avionics, Qualcomm, Starbucks, Dropbox, Intel, the CERT Coordination Center and over 1,300 other organizations have partnered with HackerOne to find over 120,000 vulnerabilities and award over $52 million in bug bounties. HackerOne is headquartered in San Francisco with offices in London, New York, the Netherlands, and Singapore.