Synack, the most trusted Crowdsourced Security Platform, commends the work of the United States Senate which put the security of American citizens first by passing the National Defense Authorization Act for Fiscal Year 2020 (NDAA) and encouraging all US national security agencies to utilize more effective and efficient security testing through crowdsourced security platforms. The Senate’s decision to declare crowdsourced security testing as a best practice echoes the recommendations laid out by the 2018 National Cyber Strategy and DoD Cyber Strategy.
“The committee recognizes the importance of crowdsourced security testing programs, such as Hack the Pentagon, that utilize technology platforms and ethical security researchers to test for cyber vulnerabilities within the Department of Defense (DOD),” reads the Senate’s report that accompanied the NDAA. “Resources given to the program are insufficient to address the sheer size and scope of potential vulnerabilities. Therefore, in order to better secure the Department from cyberattacks and vulnerabilities, the committee encourages the Department to broaden its use of third party crowdsourced security platforms.”
The NDAA’s recommendation to broaden the use of third party crowdsourced security platforms, defined as not just a crowd of security researchers but also technology, does not stop with the Department of Defense. The Senate also passed the Intelligence Authorization Act on Thursday, which includes a planning requirement to implement third party crowdsourced security testing for every applicable agency and department of the United States.
“The Senate has put a stake in the ground for crowdsourced security across the United States Government, and this comes to the huge benefit of the American people. The cyber threats facing our country are only getting larger and more destructive. Investing in crowdsourced security platforms, augmented by human and artificial intelligence and protected by stringent vetting and controls, are today’s most trusted and resource-efficient way for our country to stay ahead in the cyber war,” Synack CTO and Co-founder Mark Kuhr stated.
The value of crowdsourced security is not limited to the federal government. The model has already become the standard for comprehensive security testing at scale across all major industry verticals, including the Aerospace and Defense industry who uses the innovative model to secure the national security supply chain. According to the 2019 Trust Report, organizations using crowdsourced security for two or more years are up to 200% more secure than those using traditional testing methods.
The Senate’s NDAA passage comes as the federal government faces a 30% increase in the severity of security vulnerabilities year over year. While many federal agencies have taken a proactive, crowdsourced approach to security, the Federal Government is still overwhelmed with critical cyber attacks. Synack finds 150% more breach-worthy vulnerabilities, such as SQL Injection, in Federal Government relative to other industries.
As the pioneer of crowdsourced security within the federal government – first through Hack the Pentagon with the DoD and then driving successful adoption within over 50% US cabinet-level agencies – Synack is honored to provide the federal government with industry-leading and cutting edge technology to secure its most important assets. Synack’s efforts in crowdsourced security has led to 15x growth in government agency adoption and a potential $830M savings for US taxpayers.
Synack, the most trusted crowdsourced security platform, delivers continuous and scalable penetration testing with actionable results. The company combines the world’s most skilled and trusted ethical hackers with AI-enabled technology to create an efficient and effective security solution. Headquartered in Silicon Valley with regional offices around the world, Synack protects leading global banks, federal agencies, DoD classified assets, and close to $1 trillion in Fortune 500 revenue. Synack was founded in 2013 by former US Department of Defense hackers Jay Kaplan, CEO, and Dr. Mark Kuhr, CTO. For more information, please visit www.synack.com.