The First Comprehensive Crowdsourced Penetration Test Built Specifically for Government

Synack, the trusted leader in crowdsourced security, launches a new FISMA compliance feature with security controls built for large-scale government agencies protecting critical assets

REDWOOD CITY, Calif.--()--Synack, the most trusted leader in crowdsourced penetration testing, announces today the availability of the market’s first comprehensive crowdsourced penetration test designed specifically for government, by offering a bug bounty-based vulnerability discovery model coupled with NIST 800-53 guidelines.

Synack co-founders and technical security experts Jay Kaplan and Mark Kuhr came out of the NSA and the US Department of Defense with a shared vision to create a scalable, effective, and trusted security solution for the government. Synack is the first crowdsourced security company to test critical federal government assets through the highly successful Hack the Pentagon project, the first to deliver a comprehensive crowdsourced penetration test to federal government customers, the first to scale their hacker-powered platform with artificial intelligence, and now the first to offer crowdsourced penetration testing via NIST 800-53.

Over the past year, crowdsourced security testing methodologies have been endorsed by the White House, the DoD, and most recently Congress, as they passed the National Defense Authorization Act for fiscal year 2020, to encourage US federal government departments to widen their implementation of crowdsourced testing in order to scale security effectively and reduce risk organization-wide. The 2020 House and Senate NDAA reports state that “ order to better secure the Department [Department of Defense] from cyberattacks and vulnerabilities, the committee encourages the Department to broaden its use of third party crowdsourced security platforms.”

Synack’s Crowdsourced NIST 800-53 Penetration Test can contribute to FISMA compliance without compromising on effective security. Synack’s audit-quality reports will simplify the security testing process, and as the NDAA states, help address the “sheer size and scope of potential vulnerabilities.”

Already deployed in four government agencies and with several government contractors, Synack’s on-demand Crowdsourced Penetration Testing Platform - created by ex-government offensive analysts from the NSA to specifically meet government needs - enables rapid deployment, testing at scale, customer controls, real-time results, and smart, prioritized analytics. Adding NIST SP 800-53 Rev 4 allows departments with strict compliance standards to meet those requirements while still enjoying the benefits of a highly effective testing platform.

“A number of federal agencies trust Synack with their penetration testing and security compliance efforts due to the ease of implementation, the efficiency of the work, and the controls built into our model. We take a ‘no compromise’ approach to security testing. Synack can deploy these tests within 72 hours, centralize results, and produce an audit-quality report,” Synack CTO Mark Kuhr said of the company’s capabilities.

Synack’s crowdsourced penetration test offers >4x ROI compared to a traditional penetration test while maintaining the control and safety mechanisms that bug bounty testing options lack. Last month Synack announced LaunchPoint+, an enhanced secure testing gateway that offers customers the option for greater data privacy through full endpoint control.

As more CISOs at the federal government level look not only to fulfill compliance requirements but also to implement effective, risk-mitigating security, Synack’s Crowdsourced NIST 800-53 Penetration Test is the only offering on the market to realistically mimic an attack with the rigor of the world’s best security talent and proprietary technology while also achieving compliance.

About Synack

Synack, the most trusted crowdsourced security platform, delivers continuous and scalable penetration testing with actionable results. The company combines the world's most skilled and trusted ethical hackers with AI-enabled technology to create an efficient and effective security solution. Headquartered in Silicon Valley with regional offices around the world, Synack protects leading global banks, federal agencies, DoD classified assets, and close to $1 trillion in Fortune 500 revenue. Synack was founded in 2013 by former US Department of Defense hackers Jay Kaplan, CEO, and Dr. Mark Kuhr, CTO. For more information, please visit


Ellie McCardwell, Synack Communications

Release Summary

Synack, the trusted leader in crowdsourced security, launches the first comprehensive crowdsourced penetration test built specifically for government.

Social Media Profiles


Ellie McCardwell, Synack Communications