Press release

HackerOne Achieves FedRAMP In Process Milestone

Sponsored by Businesswire

the global leader in hacker-powered security, today announced that it
has achieved Federal Risk and Authorization Management Program (FedRAMP) In
for Tailored Low impact – Software as a Service
(Li-SaaS), a milestone that extends the company’s ability to serve U.S.
federal agencies.

FedRAMP is considered the gold standard for security certifications and
is widely recognized as one of the most demanding security regulations.
FedRAMP In Process status signifies the addition of HackerOne’s
full suite of hacker-powered security solutions, including Bug Bounty,
Vulnerability Disclosure and Compliance solutions, to the FedRAMP
marketplace — a menu of certified solutions for government
organizations. HackerOne is expected to achieve FedRAMP Authorized
status by 2020.

“HackerOne is extremely proud to take the first step in being recognized
by the FedRAMP program and its mission to standardize security in the
public sector,” said Matt Bianco, Director of Federal at HackerOne.
“This milestone demonstrates the unique approach HackerOne is taking to
assist the federal government in securing their systems. By meeting
FedRAMP’s rigorous security standards, any federal agency will soon be
able to seamlessly implement crowdsourced security solutions from

FedRAMP ensures a more streamlined procurement process by standardizing
security requirements across all federal agencies as opposed to having
different security requirements for different agencies. This allows
federal agencies to quickly adopt new technologies that meet various
levels of certification. All FedRAMP Authorized, In Process, and Ready
certified solutions are listed on the marketplace.

HackerOne has worked with the U.S. Federal Government since 2016,
starting with the first crowdsourced security initiative “Hack the
Pentagon.” With the success of the initiative, HackerOne has operated
several bug bounty challenges for the DoD, including Hack the Army,
Hack the Air Force, Hack the Air Force 2.0, Hack the Air Force 3.0,
Hack the Defense Travel System, and Hack the Marine Corps. DoD also
runs an ongoing Vulnerability Disclosure Program (VDP) with HackerOne,
providing a legal avenue for security researchers to disclose
vulnerabilities in any DoD public-facing system. More than 5,000 valid
vulnerabilities have been reported as a result.

In 2018, following the successful execution of a 2017 bug bounty and
VDP with HackerOne, the General Service Administration’s (GSA)
Technology Transformation Service (TTS) awarded HackerOne a multi-year
bug bounty contract. GSA was the first federal civilian agency to
engage in a bug bounty program and continues to do so today.

Over 1,300 customers worldwide rely on HackerOne and its community of
hackers to find critical security weaknesses before they can be
exploited. Alibaba, Google, General Motors, Goldman Sachs, Hyatt Hotels,
Lufthansa Airlines, Microsoft, Nintendo, Starbucks, Shopify, Paypal,
Priceline, Qualcomm, Verizon Media, and global government agencies
including MINDEF Singapore, GovTech Singapore, the European Commission,
and the U.K. National Cyber Security Centre (NCSC) all work with
HackerOne to detect unknown security vulnerabilities.

“We’re proud to partner and achieve the FedRAMP In Process
milestone as this is one of the most stringent product quality and
cybersecurity certifications for IT and SaaS vendors in both the private
and public sectors,” said Scott McCormick, Head of Security Compliance
at HackerOne. “We plan to complete the final stages of the FedRAMP
process this year and look forward to continuing our work with public
sector organizations to improve the health and security of their online
infrastructure through bug bounty solutions.”

About HackerOne

HackerOne is the #1 hacker-powered security platform, helping
organizations find and fix critical
vulnerabilities before they can be exploited. More Fortune 500 and
Forbes Global 1000 companies trust HackerOne than any other
hacker-powered security alternative. The U.S. Department of Defense,
General Motors, Google, Twitter, GitHub, Nintendo, Lufthansa, MINDEF
Singapore, Panasonic Avionics, Qualcomm, Starbucks, Dropbox, Intel, the
CERT Coordination Center and over 1,300 other organizations have
partnered with HackerOne to find over 120,000 vulnerabilities and award
over $52 million in bug
. HackerOne is headquartered in San Francisco with offices
in London, New York, the Netherlands, and Singapore.