
HackerOne and Leading Tech Trade Associations and Companies Urge Congress to Keep Bipartisan Federal Cybersecurity Vulnerability Reduction Act in National Defense Authorization Act

WASHINGTON, D.C., OCTOBER 16, 2024 – HackerOne today led a group of top technology trade associations and companies in urging Congressional leadership to retain Section 1747 of the House-passed Fiscal Year 2025 National Defense Authorization Act, which would require federal contractors to adopt a Vulnerability Disclosure Policy.

“This important legislation builds on work done by federal agencies to implement vulnerability disclosure policies,” said Ilona Cohen, chief legal and policy officer of HackerOne. “Enacting this language into law would fill a critical gap in our nation’s cybersecurity readiness by bringing the practices of federal contractors in line with the agencies they serve.”

Federal contractors and subcontractors play a crucial role in supporting the government's operations and often handle sensitive government information and personal data. As a result, they are frequent targets for cyberattacks by hackers seeking to exploit vulnerabilities to gain access to government information. 

Under Sec. 1747, federal contractors would be required to implement a Vulnerability Disclosure Policy (VDP), an authorized channel through which security researchers can report vulnerabilities they find in the contractor's software and systems. This would ensure that, despite the continuously evolving threat landscape, contractors are equipped to address security vulnerabilities proactively, implementing necessary patches or other mitigations as needed to protect critical systems before they can be exploited. According to the White House Office of Management and Budget, vulnerability disclosure policies "are among the most effective methods for obtaining new insights regarding security vulnerability information and provide high return on investment."

Sec. 1747 of the House-passed NDAA enjoys strong bipartisan support in both the House and Senate. It mirrors the language of H.R. 5255, the Federal Cybersecurity Vulnerability Reduction Act, introduced by Congresswoman Nancy Mace (R-SC) and approved 42-0 by the Committee on Oversight and Accountability in May, and of S. 5028, the Federal Contractor Cybersecurity Vulnerability Reduction Act, introduced by Senators Mark Warner (D-VA) and James Lankford (R-OK).

About HackerOne

HackerOne is the global leader in human-powered security, harnessing the creativity of the world’s largest community of security researchers with cutting-edge AI to protect your digital assets. The HackerOne Platform combines the expertise of our elite community and the most up-to-date vulnerability database to pinpoint critical security flaws across your attack surface. Our integrated solutions, including bug bounty, pentesting, code security audits, spot checks, and AI red teaming, ensure continuous vulnerability discovery and management throughout the software development lifecycle. Trusted by industry leaders such as Coinbase, General Motors, GitHub, Goldman Sachs, Hyatt, PayPal, Snap Inc., and the U.S. Department of Defense, HackerOne was named a Best Workplace for Innovators by Fast Company in 2023 and a Most Loved Workplace for Young Professionals in 2024.