US Federal

Strengthen National Security, One Vulnerability at a Time

HackerOne's FedRAMP-authorized platform combines elite security researcher expertise with AI-powered solutions for unmatched vulnerability elimination across your agency's systems.

Why Federal agencies choose HackerOne

Image
Security
HackerOne Partners

Federal contract vehicles & partners

HackerOne solutions are available through multiple federal contract vehicles and partners, making procurement straightforward for government agencies. 

  • GS-35F-0511T
  • NASA SEWP VDoD FA2 CVDD ( IDIQ)
  • Carahsoft
  • AWS Marketplace
  • Hack DHS: CVAS
  • Secure Soft Technologies
Image
zerotrust
Zero Trust Mandate

We support your zero trust strategy

Learn how human security testing helps the U.S. government’s zero trust mandate.

Read blog post

Image
Clear
Crowdsourced Security

Vetted security researchers for federal government programs

For sensitive testing requirements, our Clear program provides government agencies with access to ID-verified, background-checked, citizenship-filtered, location-specific, and security-cleared researchers.

Federal security ROI: Measured in minutes & millions

Hack the Pentagon

13
Minutes to first vulnerability report
200
Reports submitted in first 6 hours
138
Valid vulnerability reports
$75k
Bounties paid

Defense Industrial Base VDP Pilot

12
Month pilot program
1,019
Vulnerability reports processed
400
Vulnerabilities remediated
$61m
Saved for taxpayers

Hack U.S.

7
Days
267
Security researchers
349
Valid vulnerability reports
$75k
Bounties paid

DoD DC3 VDP

100%
Response
11
Hours to triage
50k+
Reports received
2,738
Security researchers thanked
Strength in every layer

Built around a defense-in-depth strategy.

This layered approach creates a feedback loop that evolves with emerging threats, keeping you one step ahead.

 

Wistia URL
Questions about VDP?

Consult our security experts.

According to the CISA binding operational directive 20-01, federal agencies must implement a VDP. The directive has many federal agencies asking questions such as:

  • How do we set up a system for quickly triaging vulnerabilities that both satisfies compliance requirements and doesn’t overwhelm our team?
  • How do we manage inbound vulnerability reports and communicate with external researchers safely and efficiently?
  • How do we satisfy all CISA requirements before the deadline without compromising our holistic security posture?

Our security experts are here to consult you on the best course of action for your agency.