The Department of Defense has had a vulnerability disclosure program in place on HackerOne since November 21, 2016.
That means, they’re head of 94% of the Forbes Global 2000 who do not have a VDP.
Guidance on vulnerability disclosure has been published by over a half-dozen agencies including the United States Department of Defense, Food and Drug Administration, National Highway Traffic Safety Administration, National Telecommunications and Information Administration, National Institute of Standards and Technology, Federal Trade Commission, and most recently the Department of Justice.
In a Forbes article published this past Tuesday, HackerOne’s VP of Engineering, Alex Bekker, writes how the U.S. Department of Defense, U.S. Air Force, U.S. Army, 18F and others in the government are leading the pack.
You can read the full article on Forbes here: Leading The Pack: How The U.S. Government Is Out-Innovating The Fortune 500