Stephanie Sum

May 2020 Update: HACKERONE RECEIVES FEDRAMP AUTHORIZATION FROM U.S. FEDERAL GOVERNMENT

 

FedRAMP Authorization Streamlines HackerOne’s Ability to Provide Crowdsourced Security Solutions to U.S. Public Sector

SAN FRANCISCO-- May 15, 2019  --HackerOne, the global leader in hacker-powered security, today announced that it has achieved Federal Risk and Authorization Management Program (FedRAMP) In Process status for Tailored Low impact - Software as a Service (Li-SaaS), a milestone that extends the company's ability to serve U.S. federal agencies. 

FedRAMP is considered the gold standard for security certifications and is widely recognized as one of the most demanding security regulations. FedRAMP In Process status signifies the addition of HackerOne’s full suite of hacker-powered security solutions, including Bug Bounty, Vulnerability Disclosure and Compliance solutions, to the FedRAMP marketplace — a menu of certified solutions for government organizations. HackerOne is expected to achieve FedRAMP Authorized status by 2020.

“HackerOne is extremely proud to take the first step in being recognized by the FedRAMP program and its mission to standardize security in the public sector,” said Matt Bianco, Director of Federal at HackerOne. “This milestone demonstrates the unique approach HackerOne is taking to assist the federal government in securing their systems. By meeting FedRAMP’s rigorous security standards, any federal agency will soon be able to seamlessly implement crowdsourced security solutions from HackerOne.”

FedRAMP ensures a more streamlined procurement process by standardizing security requirements across all federal agencies as opposed to having different security requirements for different agencies. This allows federal agencies to quickly adopt new technologies that meet various levels of certification. All FedRAMP Authorized, In Process, and Ready certified solutions are listed on the marketplace.

HackerOne has worked with the U.S. Federal Government since 2016, starting with the first crowdsourced security initiative “Hack the Pentagon.” With the success of the initiative, HackerOne has operated several bug bounty challenges for the DoD, including Hack the ArmyHack the Air ForceHack the Air Force 2.0Hack the Air Force 3.0Hack the Defense Travel System, and Hack the Marine Corps. DoD also runs an ongoing Vulnerability Disclosure Program (VDP) with HackerOne, providing a legal avenue for security researchers to disclose vulnerabilities in any DoD public-facing system. More than 5,000 valid vulnerabilities have been reported as a result.

In 2018, following the successful execution of a 2017 bug bounty and VDP with HackerOne, the General Service Administration’s (GSA) Technology Transformation Service (TTS) awarded HackerOne a multi-year bug bounty contract. GSA was the first federal civilian agency to engage in a bug bounty program and continues to do so today.

Over 1,300 customers worldwide rely on HackerOne and its community of hackers to find critical security weaknesses before they can be exploited. Alibaba, Google, General Motors, Goldman Sachs, Hyatt Hotels, Lufthansa Airlines, Microsoft, Nintendo, Starbucks, Shopify, Paypal, Priceline, Qualcomm, Verizon Media, and global government agencies including MINDEF Singapore, GovTech Singapore, the European Commission, and the U.K. National Cyber Security Centre (NCSC) all work with HackerOne to detect unknown security vulnerabilities.

“We're proud to partner and achieve the FedRAMP In Process milestone as this is one of the most stringent product quality and cybersecurity certifications for IT and SaaS vendors in both the private and public sectors,” said Scott McCormick, Head of Security Compliance at HackerOne. “We plan to complete the final stages of the FedRAMP process this year and look forward to continuing our work with public sector organizations to improve the health and security of their online infrastructure through bug bounty solutions.”