Press Release

HackerOne Backs Senate Legislation to Protect Sensitive Government Information from Foreign Threats

Washington, D.C., May 23, 2025 – HackerOne today voiced its strong support for the Federal Contractor Cybersecurity Vulnerability Reduction Act introduced in the U.S. Senate by Senators James Lankford (R-OK) and Mark Warner (D-VA).

The bipartisan bill would require federal contractors to implement a vulnerability disclosure policy to receive and address security vulnerabilities, facilitating their ability to protect sensitive government and personal information before the vulnerabilities can be exploited by malicious actors.

“With cyberattacks by foreign adversaries and criminals on the rise, this legislation addresses a critical gap in our nation’s defenses,” said Ilona Cohen, chief legal and policy officer at HackerOne. “This common-sense legislation brings the practices of federal contractors in line with those of the agencies they serve and is essential to protect the government information and personal data they process.”

Federal agencies have made significant progress in implementing vulnerability disclosure policies, with support across administrations. According to the White House Office of Management and Budget, vulnerability disclosure policies “are among the most effective methods for obtaining new insights regarding security vulnerability information and provide high return on investment.” The legislation would extend this best practice used by federal agencies to the federal contractors that support government operations and are often the target of cyberattacks seeking to exploit vulnerabilities to gain access to government information.

“We commend Senators Lankford and Warner for leading this important effort to protect the data and sensitive information of the federal government and American citizens,” said Kara Sprague, CEO of HackerOne. “We encourage the Senate to make this bill a priority and enact it into law.”

Similar legislation was passed by the U.S. House of Representatives earlier this year.

About HackerOne

HackerOne is a global leader in offensive security solutions. Our industry-leading HackerOne Platform combines AI with the ingenuity of the world’s largest community of security researchers to uncover and remediate vulnerabilities and AI safety issues across the software development lifecycle. The platform offers bug bounty, vulnerability disclosure, pentesting, and AI red teaming. We are trusted by industry leaders like Coinbase, General Motors, GitHub, Goldman Sachs, PayPal, and the U.S. Department of Defense. HackerOne was named a Best Workplace for Innovators by Fast Company in 2023 and a Most Loved Workplace for Young Professionals in 2024.