Public Policy
HackerOne advocates for policies and standards around the world that support our customers, advance protections for the hacker community, and promote adoption of cybersecurity best practices.
Interactive Map
Global Vulnerability Policy Map
Explore our global map of policies and standards related to vulnerability disclosure.
From the Public Policy Blog
Featured Posts
HackerOne Answers
Policy Comments
When regulators have questions about policies and standards around the world, HackerOne has the answers.
- [U.S.] Comments on the Development of an Artificial Intelligence (AI) Action Plan (March 14, 2025)
- [U.S.] NIST Cybersecurity and AI Workshop Concept Paper (March 14, 2025)
- [U.S.] HackerOne Comments on Second Draft of the General-Purpose AI Code of Practice (January 15, 2025)
- [U.S.] HackerOne Comments on NIST AI 800-1 Managing the Risk of Misuse (September 9, 2024)
- [U.K.] UK Call for Views on the Cyber Security of AI Comments (August 9, 2024)
- [U.S.] HackerOne Response to OMB AI RFI (April 29, 2024)
- [U.S.] Comments on NIST RFI on Artificial Intelligence Executive Order (February 2, 2024)
- [UN] HackerOne Letter to the UN Convention Against Cybercrime (November 14, 2024)
- [U.S.] HackerOne Applauds Senator Warner’s Support for Legal Protection of AI Red Teaming (May 29, 2024)
- [U.S.] Request for DOJ to Develop a Charging Policy under the CFAA to Protect Independent AI Trustworthiness Research (April 16, 2024)
- [U.S.] Comment in Support of a DMCA Exemption for GenAI Research (March 18, 2024)
- [U.S.] Comments on DMCA Section 1201 Generative AI Research (December 21, 2023)
- [U.K.] Response to UK Computer Misuse Act Consultation (April 6, 2023)
- [U.K] Comments on UK DCMS Cyber Profession Pathway (March 19, 2022)
- [U.K.] Response to UK Computer Misuse Act Call for Information (June 8, 2021)
- [U.S.] HIPAA Security Rule To Strengthen the Cybersecurity of Electronic Protected Health Information (March 7, 2025)
- [EU] Pall Mall Process Draft Code of Practice for States to Tackle the Proliferation and Irresponsible Use of Commercial Cyber Intrusion Capabilities (March 6, 2025)
- [EU] HackerOne Comments on NIS 2 Implementing Guidance (January 9, 2025)
- [U.S.] HackerOne CISA and FBI Bad Practices Comments (December 16, 2024)
- [U.K.] UK Code of Practice for Software Vendors Comments (August 9, 2024)
- [EU] HackerOne Comments on Implementing the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) (June 28, 2024)
- [U.S.] HackerOne NY Hospital Cybersecurity Requirements Comments (February 5, 2024)
- [U.S.] Comments on Cybersecurity for Unclassified Federal Information Systems (FAR Case 2021-019) (February 2, 2024)
- [U.S.] Comments on Federal Contractor Cybersecurity (FAR Case 2021-017) (February 2, 2024)
- [U.S.] Comments to NIST CSF 2.0 Public Draft (November 6, 2023)
- [U.S.] Response to NIST 800-171r3 Draft (July 12, 2023)
- [U.S.] Response to CISA Secure Software Attestation Form (June 23, 2023)
- [U.S] Comments on Cyber Requirements for Federal Insurance (December 14, 2022)
- [U.S.] Comments on FDA Cybersecurity in Medical Devices (July 7, 2022)
- [U.S.] Comments on NIST SP 800-53B (September 10, 2020)
- [U.S.] Proposals for Regulating Consumer Smart Product Cyber Security (September 3, 2020)
Meet the team
HackerOne Public Policy Team

Ilona Cohen
Chief Legal and Policy Officer

Michael Woolslayer
Policy Counsel

Vanessa Booth
Policy Analyst