Washington, D.C., August 9, 2024 – HackerOne applauds the announcement today by Senator Mark Warner (D-VA) and Senator James Lankford (R-OK) of the Federal Contractor Cybersecurity Vulnerability Reduction Act, legislation they will introduce in the Senate. The bill would enhance the government’s cyber defenses by requiring covered federal contractors to implement vulnerability disclosure programs (VDPs). VDPs are a widely accepted cybersecurity best practice that helps system operators address vulnerabilities before cybercriminals exploit them.

“This bipartisan legislation addresses a critical gap in our nation’s cybersecurity protections by bringing the practices of federal contractors in line with those of the agencies they serve and with guidelines issued by the National Institute of Standards and Technology,” said Ilona Cohen, Chief Legal and Policy Officer of HackerOne. “This proactive approach to security will ensure that businesses are actively protecting government systems, critical infrastructure, and sensitive data from exploitation by malicious actors. We applaud Senators Warner and Lankford for their leadership on this important issue.”

While federal agencies have implemented VDPs, not all government contractors have adopted VDPs of their own. Federal contractors are an integral part of federal supply chains and infrastructure, and they pose a unique security risk given their proximity to government data and access to government networks.

The U.S. House of Representatives approved companion legislation as part of the National Defense Authorization Act of 2025. HackerOne led 18 other companies in urging Congressional leadership to pass the legislation and encourages the Senate to advance this important measure.