DOD expands vulnerability disclosure program to contracting base in pilot

by • 3 weeks ago

Forty-one defense contractors in the small-to-medium-size range participated in a vulnerability disclosure pilot that resulted in 1,015 reports, of which 401 were validated by system owners for remediation.

Hack the Army event yields 102 critical security gaps

by • 11 months ago

The Army worked with Defense Digital Services and HackerOne on the latest bug bounty, which identified 238 overall vulnerabilities.

Laying the terms for partnerships with ethical hackers

by • 1 year ago

With the backing of CISA, federal civilian agencies can lean on the expertise of ethical hackers as part of their security strategy — but first they need a VDP agreement.

Army launches ‘Hack the Army 3.0’ with more targets for cybersecurity researchers

by • 2 years ago

White-hat hackers will have from mid-December to the end of January to find vulnerabilities in the army.mil domain and other areas specified by the Army.

CISA’s first shared-services offering is delayed by protest

by • 2 years ago

The award of the vulnerability disclosure policy (VDP) platform contract is under protest from HackerOne.

What one bug bounty platform’s FedRAMP authorization means for the industry

by • 2 years ago

HackerOne beat its competitors to federal cloud services authorization, allowing it to deliver the kind of vulnerability disclosure platform sought for agencies governmentwide.