Tech

GSA awards $2M bug bounty service contract to HackerOne

The contract will extend a pilot partnership formed in August 2017.

September 21, 2018

(iStockPhoto)

The General Services Administration is going all in on bug bounties.

After a successful pilot collaboration, the agency’s Technology Transformation Service recently awarded a $2 million contract to HackerOne for the facilitation of its bug bounty programs over the next few years.

“The Technology Transformation Service bug bounty program with HackerOne is yet another reminder of the leadership role that the U.S. federal government has taken in vulnerability disclosure,” HackerOne CEO Marten Mickos said in a statement. “Over the last year, GSA has proved to be one of the fastest government agencies in regards to resolution time, resolving vulnerabilities markedly faster than the global average for government bug bounty programs. GSA’s commitment to resolving vulnerabilities quickly benefits all U.S. citizens and is something that HackerOne is proud to be a part of.”

TTS and HackerOne began a partnership in August 2017, with an initial focus on the 18F-built Federalist website publishing service. GSA was the first civilian agency to use bug bounties as a way to let members of the general public find and disclose website vulnerabilities in return for cash prizes. GSA later added other domains, like common login platform login.gov, to the challenge. In total, GSA paid out $21,450 in bounties during the initiative’s pilot phase.

Now, GSA is looking to extend the collaboration.

The new contract has a base performance period of six months, with nine option periods of six months each for a total of five years.

GSA isn’t the only federal agency HackerOne works with — the security company partnered with the Department of Defense to launch the federal government’s first bug bounty, Hack the Pentagon, in 2016. Since then it has run a number of programs for DOD, including Hack the Army, Hack the Air Force, Hack the DTS, Hack the Air Force 2, and Hack the Marine Corps.

CIOs at federal agencies are increasingly realizing that bug bounty programs can be a great way to access security expertise the agency may lack in-house. “It goes back to being proactive,” Department of Transportation CIO Vicki Hildebrand said recently. “I don’t want to wait for a bad actor to tell me I’ve got a vulnerability. We’ve got to get ahead of this curve.”

GSA awards $2M bug bounty service contract to HackerOne

More Like This

ICE pursuing privacy approvals related to controversial phone location data

House Modernization panel advances bill to improve CRS’s data access in first-ever markup

Federal CIO calls on Congress to fund Technology Modernization Fund

Top Stories

Generative AI could raise questions for federal records laws

Cybersecurity executive order requirements are nearly complete, GAO says

White House hopeful ‘more maturity’ of data collection will improve AI inventories

GSA administrator: Generative AI tools will be ‘a giant help’ for government services

State Department encouraging workers to use ChatGPT

Congressional panel outlines five guardrails for AI use in House

With 2023 tax season in the rearview, IRS commissioner eyes expansion of AI capabilities

More Scoops

GSA to add facial recognition option to Login.gov in 2024

Rep. Mace proposes new vulnerability disclosure rules for contractors

GSA names new Technology Transformation Services deputy director

Biden administration names Ann Lewis director of GSA’s Technology Transformation Services

TMF awards U.S. AbilityOne Commission $1.8M to update procurement software

GSA’s Zvenyach: US Digital Corps technologists are already transforming government services

Ongoing bug-bounty pilot pinpoints many vulnerabilities in DOD’s cyberspace

Latest Podcasts

GSA awards $2M bug bounty service contract to HackerOne

Los Angeles CIO discusses how AI and cloud technologies transform urban public services

GSA wants to be the leader in federal generative AI

AI Week 2024 has Come and Gone

Tech

Defense

Cyber

Acquisition