Many of the most secretive and conservative organizations in the world are reaping the benefits of working with the independent security research community with the help of HackerOne. The U.S. Department of Defense runs an ongoing Vulnerability Disclosure Program through HackerOne Response. The Pentagon, The U.S. Army, and The U.S. Air Force have collectively paid hackers over $400K for their efforts in securing mission-critical assets with a collection of HackerOne Challenges. The European Commission recently selected HackerOne as the platform for their first ever bug bounty program with a HackerOne Challenge on the VLC software. The U.S. General Service Administration’s Technology Transformation Service (TTS, aka 18F) launched the first bug bounty program run by a civilian federal agency with HackerOne Bounty. Singapore's Ministry of Defence (MINDEF) ran an immensely successful HackerOne Challenge. Review this slideshare and download the full report to see: How government organizations like EU Commission, Singapore MINDEF, The Pentagon, and more are reaping the benefits of hacker-powered security Statistical successes of each program and testimonials from those running these programs The varied strategies employed to “crawl, walk, and then run” with hacker-powered programs. https://info.hacker.one/trusted-by-governments-around-the-globe/

1. Distributed Defense: How Governments
Deploy Hacker-Powered Security
More and more public sector agencies are recommending,
mandating, and using ethical hackers as a secret weapon
in their approach to cybersecurity.

2. Government Agencies Have Long Recommended
Hacker-Powered Security
“All companies should consider
promulgating a vulnerability
disclosure policy…”
ROD J. ROSENSTEIN, Deputy Attorney General,
U.S. Department of Justice
“Companies should communicate and
coordinate with the security research
community...”
FEDERAL TRADE COMMISSION
“Engage with researchers and the hacker
community in the reporting of vulnerabilities…”
MANIFESTO ON COORDINATED VULNERABILITY DISCLOSURE,
Global Forum on Cyber Expertise
“Manufacturers should also adopt a coordinated
vulnerability disclosure policy…”
U.S. FOOD AND DRUG ADMINISTRATION,
Postmarket Management of Cybersecurity in Medical Devices
See More Quotes Here

3. Now, They are Using it to Enhance Their Own Security
The European Commission recently selected HackerOne as the
platform for their first-ever bug bounty program.
The U.S. Department of Defense (DoD) has used HackerOne
Challenges at the Pentagon, the Army, the Air Force, and more.
Singapore's Ministry of Defence (MINDEF) engaged HackerOne for
the first crowd-sourced security initiative run by a government in
Asia.

4. Hacker-Powered Security Helps Governments
Accelerate Their Security Efforts
Governments aren’t known for their speed, but using
hacker-powered security lets them move faster than
ever before to quickly improve their security posture.
The first-ever bug bounty challenge at the U.S. Department
of Defense had more than 250 vetted hackers identify
138 validated bugs in just 24 days!
Singapore’s Ministry of Defense used vetted hackers to
identify 35 unique bugs and earn $14,750 in just 3 weeks!
“The success of the program
helped us boost our cybersecurity
in a matter of weeks.”
DAVID KOH,
Deputy Secretary (Special Projects)
and Defence Cyber Chief,
Singapore’s Ministry of Defence

5. Here’s How Fast Hacker-Powered Security
is for the DoD
“The return on investment is
incredible, both in terms of cost
and in terms of making
government assets more secure.”
HUNTER PRICE,
Director of Air Force Digital Service
The U.S. DoD’s second challenge, Hack the Army, had
370 hackers report more than 400 bugs and earn over
$100,000 in 3 weeks. The very first report was
submitted within just 5 minutes!
Hack the Air Force was next, with two separate
challenges identifying more than 300 bugs in under
two months. The very first report was submitted just
1 minute after the challenge opened!

6. Hacker-Powered Security Saves Taxpayer Money
“If we had gone through the normal
process of hiring an outside firm to
do a security audit and vulnerability
assessment, which is what we usually
do, it would have cost us more than
$1 million.”
ASH CARTER,
U.S. Secretary of Defense
at the time of the program
Hacker-powered security enables governments to
utilize modern and cost effective security efforts. It’s
a proven approach to improving the security posture
of any agency or organization.
Here’s the math:
Estimated Cost of Their “Normal” Security Audit
and Vulnerability Assessment Process: $1,000,000
Amount Paid by DoD in 1 HackerOne Challenge: − $150,000
TAXPAYER MONEY SAVED: $850,000

7. These U.S. Military Agencies Trust HackerOne
Hack The Pentagon | HackerOne Challenge | April-May 2016
The U.S. Department of Defense made the move into
hacker-powered security with the first bug bounty
program for the federal government. Read more
Hack The Army | HackerOne Challenge | November-December 2016
Building on the Pentagon’s success, this program
targeted operationally significant websites including
those mission critical to recruiting. Read more
Hack the Air Force | HackerOne Challenge | May-June 2017 & December
2017 - January 2018
Expanded the Pentagon’s hacker-powered initiatives to
include non-U.S. participants and an increased bounty
budget. Read more
Hackers Registered 1,400+
First Report 13 minutes
Bounties Paid $75,000
Valid Reports 138
Hackers Participating 371
First Report 5 minutes
Bounties Paid $100,000
Valid Reports 118
Hackers Participants1
275+
First Report 1 minute
Bounties Paid2
$233,883
Valid Reports3
313
1. with 30 from outside U.S. 2. ($130,000+ $103,883) 3. (207 + 106)

8. The U.S. Department
of Defense Uses HackerOne
U.S. DEPARTMENT OF DEFENSE
HackerOne Response | Launched November 2016
After Hack the Pentagon, the DoD noticed bugs were
still being submitted, so they launched an
open-ended Vulnerability Disclosure Policy.
Read more
Hackers Participating 650+
Vulnerabilities Reported 3,000+

9. And These Global Government Agencies
Use HackerOne, Too
HackerOne Bounty | December 2017
The European Commission’s first ever bounty program,
designed to protect critical EU software in the aftermath of
the Heartbleed incident. Read more
HackerOne Challenge | January-February 2018
Singapore’s first crowd-sourced security initiative and the
first program of its kind by a government agency in Asia.
Read more
HackerOne Bounty | August 2017
The first-ever bug bounty program for a civilian federal
agency in the U.S. Read more
EU-Free and Open Source Software
Auditing (EU-FOSSA) Project
Singapore Ministry of Defence
(MINDEF) Bug Bounty Challenge
General Service Administration’s
Technology Transformation Service

10. 1
Put a vulnerability disclosure policy (VDP) in place with HackerOne Response.
Check out HackerOne’s “VDP Basics”, a complete guide for crafting an effective vulnerability
disclosure policy. Or, learn more about HackerOne Response, a turnkey solution to help
organizations receive, respond to, and resolve security vulnerabilities discovered
by third-parties.
2
Try a crowd-sourced penetration test with HackerOne Challenge.
HackerOne Challenge provides a private, turnkey program with a focused scope and a finite
length. It’s an easy way to dip a toe into hacker-powered security, and it’s cost-effective: hackers
are paid for valid results, not man-hours. That means hackers are incentivized to find the issues
with the biggest impact, which directly correlates to the most value to you and to them.
3
Start a continuous bug bounty program with HackerOne Bounty.
HackerOne Bounty enables agencies and organizations to leverage the power of the global hacker
community along with the expert services of HackerOne. Using internal resources, HackerOne’s
professional services team, or a combination of both, a continuous bug bounty program quickly
scales and expands the reach of every security team.
For Governments Getting Started is as Easy as 1-2-3

11. Get started by downloading an ebook
version of this presentation.
DOWNLOAD FREE EBOOK EMAIL US
Learn Why More Governments Choose HackerOne
Or, jump right in and talk with a
HackerOne representative today.