HackerOne and Other Leading Companies Support Legislation to Strengthen Federal Contractor Cybersecurity
WASHINGTON, D.C., March 3, 2025 – HackerOne led a group of leading companies that sent a letter to House and Senate leadership to voice their strong support for the Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025 and to encourage swift action to enact it into law.
The bill, introduced in the House by Representatives Nancy Mace (R-SC) and Shontel Brown (D-OH), would strengthen the cybersecurity of the federal government and its contractors by requiring federal contractors to implement a Vulnerability Disclosure Policy to receive and address security vulnerabilities. The bill is scheduled for a vote in the full House of Representatives today.
“This bill will strengthen our country’s defenses against growing cyberattacks from China and other foreign entities,” said Ilona Cohen, chief legal and policy officer of HackerOne. “Vulnerability disclosure policies are a simple and effective approach to ensure that federal contractors can identify and mitigate security vulnerabilities before they can be exploited.”
Vulnerability Disclosure Policies have been widely adopted by federal agencies, boosted by the bipartisan Internet of Things Cybersecurity Improvement Act of 2020 and memorandums issued by the Trump administration in 2020. The Federal Contractor Cybersecurity Vulnerability Reduction Act would expand the requirement to federal contractors, ensuring that they align with the same cybersecurity standards as federal agencies. The bill enjoyed broad bipartisan support last Congress, passing the House of Representatives as part of the National Defense Authorization Act. Companion legislation introduced in the Senate by Senators Mark Warner (D-VA) and James Lankford (R-OK) was advanced out of committee.
About HackerOne
HackerOne is a global leader in finding and fixing critical vulnerabilities and AI safety issues. Our industry-leading HackerOne Platform combines AI with the expertise of the world’s largest community of security researchers to uncover and remediate vulnerabilities and AI safety issues across the software development lifecycle. The platform offers bug bounty, vulnerability disclosure, pentesting, code review, and AI red teaming. We are trusted by industry leaders like Coinbase, General Motors, GitHub, Goldman Sachs, PayPal, and the U.S. Department of Defense. HackerOne was named a Best Workplace for Innovators by Fast Company in 2023 and a Most Loved Workplace for Young Professionals in 2024.