As Threat Landscape Grows, Legislation Aims to Reduce U.S. Cybersecurity Risk

SAN FRANCISCO, August 24, 2023 – HackerOne, the leader in Attack Resistance Management, commends Congresswoman Nancy Mace (R-SC) on her leadership and focus on strengthening the nation’s cybersecurity resilience with the introduction of the Federal Cybersecurity Vulnerability Reduction Act. If enacted, this legislation would require federal contractors to implement Vulnerability Disclosure Policies (VDP) aligned to internationally recognized standards, helping contractors find and fix software vulnerabilities before bad actors can exploit them. 

This legislation is an important step toward enhancing the cybersecurity resilience of the many businesses that support the federal government and have access to government data. By providing clear guidelines to security researchers who safely disclose vulnerabilities, VDPs enable continuous monitoring of these businesses’ systems and represent a cost-effective cybersecurity best practice. The federal government has also long recognized that VDPs are one of the most effective methods for obtaining important security vulnerability information. In 2016, the Department of Defense began successfully running the first of many VDPs, and in 2020 the Office of Management and Budget and the Cybersecurity and Infrastructure Security Agency directed all federal agencies to implement VDPs.

For federal contractors who have not yet implemented their own VDPs, timely identification and remediation of vulnerabilities will improve their network defenses and reduce potential cyber threats that could harm their own systems as well as federal information systems. By calling for all contractors to adopt VDPs, Congresswoman Mace’s Federal Cybersecurity Vulnerability Reduction Act brings a much-needed comprehensive approach to protecting federal data and systems.

“Congresswoman Mace’s introduction of the Federal Cybersecurity Vulnerability Reduction Act fills an important gap in the security of contractors who are supporting government functions. Engaging the security researcher community through VDPs is a proven, effective way for federal contractors to identify vulnerabilities in their systems. HackerOne stands ready to work with Congress to get this legislation passed and implemented.” – Ilona Cohen, Chief Legal and Policy Officer of HackerOne.

“We want to thank Congresswoman Mace for introducing such important legislation. The Federal Cybersecurity Vulnerability Reduction Act will ensure federal contractors are well-prepared for an increasingly challenging threat landscape. When federal contractors can effectively address security vulnerabilities, every U.S. citizen will be better protected against cyberattacks. HackerOne supports Congresswoman Mace’s efforts to pass this legislation and sign it into law.” – Marten Mickos, CEO of HackerOne

"The Federal Cybersecurity Vulnerability Reduction Act will play a crucial role in safeguarding our nation's digital infrastructure. By mandating Vulnerability Disclosure Policies (VDP) for federal contractors, we can ensure a proactive approach to cybersecurity, enabling contractors to identify and address software vulnerabilities promptly. This legislation, aligned with internationally recognized standards, empowers contractors to stay ahead of malicious actors, preventing potential exploits and protecting sensitive information. With the Federal Cybersecurity Vulnerability Reduction Act, we will reinforce our commitment to a robust and resilient cyberspace, fostering trust and security in the digital age." – Congresswoman Nancy Mace (R-SC)
About HackerOne

HackerOne pinpoints the most critical security flaws across an organization’s attack surface with continual adversarial testing to outmatch cybercriminals. HackerOne’s Attack Resistance Platform blends the security expertise of ethical hackers with asset discovery, continuous assessment, and process enhancement to reduce threat exposure and empower organizations to transform their businesses with confidence. Customers include Citrix, Coinbase, Costa Coffee, General Motors, GitHub, Goldman Sachs, Hyatt, Microsoft, PayPal, Singapore’s Ministry of Defense, Slack, the U.S. Department of Defense, and Yahoo. In 2023, HackerOne was named a Best Workplace for Innovators by Fast Company.