U.S. House Bill Will Protect Sensitive Government Information Amid Escalating Foreign Threats, HackerOne Says
Washington, D.C., January 31, 2025 – HackerOne today strongly endorsed the Federal Contractor Cybersecurity Vulnerability Reduction Act, bipartisan legislation reintroduced in the U.S. House of Representatives by Representatives Nancy Mace (R-SC) and Shontel Brown (D-OH). The legislation requires federal contractors to implement a Vulnerability Disclosure Policy (VDP) as a means to receive disclosures of security vulnerabilities in their software and systems.
“As our nation faces escalating cyber threats from China and other foreign adversaries, it is critical to protect sensitive government information and personal data. The Federal Contractor Cybersecurity Vulnerability Reduction Act addresses a gap in our nation’s cybersecurity defenses by requiring federal contractors to take a proactive approach to identifying and mitigating vulnerabilities before they can be exploited,” said Ilona Cohen, chief legal and policy officer of HackerOne. “We commend Representatives Mace and Brown for their leadership on this essential legislation.”
Federal agencies have made significant progress in implementing vulnerability disclosure policies, with support across administrations. According to the White House Office of Management and Budget, vulnerability disclosure policies “are among the most effective methods for obtaining new insights regarding security vulnerability information and provide high return on investment.” The legislation would extend this best practice used by federal agencies to the federal contractors that support government operations and are often the target of cyberattacks seeking to exploit vulnerabilities to gain access to government information.
“This bill will strengthen the cybersecurity of our nation’s critical infrastructure by extending Vulnerability Disclosure Policies throughout the supply chain that supports our federal agencies,” said Kara Sprague, chief executive officer of HackerOne. “We encourage Congress to enact this critical measure into law.”
The legislation enjoyed strong bipartisan support in both the House and Senate last Congress. The bill was approved unanimously by the House Committee on Oversight and Government Reform and was included in the National Defense Authorization Act passed by the House. Companion legislation introduced by Senators Mark Warner (D-VA) and James Lankford (R-OK) was approved by the Senate Committee on Homeland Security and Governmental Affairs.
About HackerOne
HackerOne is the global leader in vulnerability elimination through continuous security testing. Its industry-leading HackerOne Platform combines AI with the expertise of the world’s largest community of security researchers to deliver ongoing vulnerability discovery and management across the software development lifecycle. The platform offers bug bounty, vulnerability disclosure, pentesting, code audits, challenges, and AI red teaming. Trusted by industry leaders like Coinbase, General Motors, GitHub, Goldman Sachs, PayPal, and the U.S. Department of Defense, HackerOne was named a Best Workplace for Innovators by Fast Company in 2023 and a Most Loved Workplace for Young Professionals in 2024.