HackerOne Goes to Washington (Again)

Ilona Cohen
Chief Legal and Policy Officer
Michael Woolslayer
Policy Counsel

Protecting digital systems starts with proactive collaboration between good-faith security researchers, government leaders, and global partners. Our team recently completed a series of high-level meetings in Washington, D.C., with a focus on championing common-sense cybersecurity best practices and advancing secure AI innovation through red teaming.

Cybersecurity Is a Bipartisan Priority 

Cybersecurity is—and continues to be—a clear bipartisan priority. In meetings with federal cybersecurity leaders and members of Congress, we saw continued alignment on the need to protect critical infrastructure and secure the federal supply chain.

A frequent topic of these meetings was the Federal Contractor Cybersecurity Vulnerability Reduction Act, a bipartisan proposal to close critical gaps in the federal supply chain. Building on the success of existing agency vulnerability disclosure programs (VDPs), we discussed how broader adoption of vulnerability disclosure by contractors could help safeguard sensitive government data and infrastructure.

VDPs Are Foundational to Modern Security

Across all discussions, one message was clear: VDPs are not optional—they are essential. Secure, accessible channels for vulnerability reporting are a critical part of any mature cybersecurity program.

By enabling ethical hackers to report vulnerabilities safely and transparently, VDPs are a cost-effective, proven approach to reducing cyber risk and strengthening trust between organizations and the security research community. Expanding these programs beyond federal agencies to include contractors is a key step toward a more resilient cyber ecosystem.

HackerOne CEO Kara Sprague and Chief Legal Officer and Chief Policy Officer Ilona Cohen meet with U.S. senators and representatives in Washington, D.C.
HackerOne CEO Kara Sprague and Chief Legal Officer and Chief Policy Officer Ilona Cohen outside the White House after meeting with the Federal Chief Information Security Officer (top left). Sprague and Cohen also met with Senator Elissa Slotkin (D-MI) (top right), Chairman of the House Committee on Oversight and Accountability, Representative James Comer (R-KY) (bottom left), and Ranking Member of the Senate Committee on Homeland Security & Governmental Affairs, Senator Gary Peters (D-MI) (bottom right).

Strengthening Trust in Security

Our conversations with partners from Australia, Japan, and the European Union underscored the growing international momentum behind coordinated vulnerability disclosure (CVD) and proactive vulnerability risk management. Regional approaches and global standards relating to CVD and vulnerability management continue to evolve through private sector adoption of best practices and efforts like the EU’s NIS2 Directive and Cyber Resilience Act.

Trusted partners in security are more valuable than ever before. The appetite for best-in-class, security-enhancing products and services is strong. Even as new considerations emerge on the global stage, partners largely remain focused on the outcomes you can deliver. HackerOne proudly continues to offer insight and technical perspective to help improve security and support good faith security researchers.

A Shared Commitment to Resilience

Throughout these meetings, one theme was clear: cybersecurity is a shared responsibility. From legislative action to international cooperation, we were encouraged by the continued recognition that ethical hackers and well-structured disclosure programs are essential to resilience. HackerOne is dedicated to advancing policies that mitigate risk, support defenders, and protect the systems critical to our daily lives.

As cyber threats grow in scope and complexity, we’ll continue to work alongside public- and private-sector leaders to make the digital world safer, together.