Eric Mill

The Next Step Towards a Bug Bounty Program for the Technology Transformation Service

On May 9, we took a big step toward creating a bug bounty program for our agency by issuing an award to HackerOne for a Software-as-a-Service bug-reporting platform. The TTS Bug Bounty will be a security initiative to pay people for identifying bugs and security holes in software operated by the General Service Administration’s Technology Transformation Service (TTS), which includes 18F. This will be the first public bug bounty program run by a civilian agency, and follows in the footsteps of the Hack the Pentagon and Hack the Army bug bounty programs run by the Department of Defense.

Read More →

DotGov Domain Registration Program to Provide HTTPS Preloading in May

Effective May 15, 2017, GSA’s DotGov Domain Registration Program will begin providing HSTS Preloading services for federal agencies. HSTS stands for HTTP Strict Transport Security (or HTTPS, for short). This new service helps ensure that visitor communication with .gov websites is not modified or compromised, and hostile networks cannot inject malware, tracking beacons, or otherwise monitor or change visitor interactions online. As part of this new service, any federal government executive branch .

Read More →

Automatic HTTPS Enforcement for New Executive Branch .Gov Domains

HTTPS is a necessary baseline for security on the modern web. Non-secure HTTP connections lack integrity protection, and can be used to attack citizens, foreign nationals, and government staff. HTTPS provides increased confidentiality, authenticity, and integrity that mitigate these attacks. In June 2015, the White House required all new federal web services to support and enforce HTTPS connections over the public internet, and for agencies to migrate existing web services to HTTPS by the end of calendar year 2016.

Read More →

Exciting Additions to Analytics.usa.gov

We’ve expanded analytics.usa.gov to include 15(!) more agency-specific dashboard pages. We now offer agency-specific analytics data pages for a total of 25 major federal agencies, and each one is accessible from the dropdown menu at the top of the site. Additionally, we’ve moved the downloadable datasets to their own pages, rather than be located on the dashboard pages themselves. The page to download aggregated data for all participating sites is now analytics.

Read More →

Analytics.usa.gov: Now with Agency-Specific Dashboards

We’ve added agency-specific dashboards to analytics.usa.gov! Starting today, you’ll see a dropdown from the main analytics.usa.gov page that allows you to view the same dashboard, but filtered for websites that are administered by one of 10 specific agencies: Department of Commerce Department of Education Department of Energy Department of the Interior Department of Justice Department of Veterans Affairs Environmental Protection Agency National Aeronautics and Space Administration National Archives and Records Administration Small Business Administration What Do These Pages Show Me?

Read More →

Analytics.usa.gov: New Features and More Data

As of writing this post, 25,225 of the 124,878 total visitors on federal government websites participating in the Digital Analytics Program (DAP) are NOT located in the United States. And as a result of a new location feature on the expanded analytics.usa.gov, you are free to check for yourself how many current users are from outside the country, anytime you’d like. Back in March of this year, DAP released analytics.

Read More →

Secure Central Hosting for the Digital Analytics Program

The U.S. government’s Digital Analytics Program (DAP) collects Web traffic and analytics data from across the federal government. That data flows into a very large central account, and some of that data is automatically made public in real time at analytics.usa.gov. To accomplish this feat, participating federal websites need to add a [CODE] reference to a standard bit of JavaScript code. Until now, the only option agencies have had is to host this JavaScript file themselves, like this:

Read More →

An Introduction to HTTPS, by 18F and DigitalGov University

18F uses HTTPS for everything we make, and the U.S. government is in the process of transitioning to HTTPS everywhere. As part of this effort, we’ve recently partnered with DigitalGov University to produce a two-video series introducing the why’s and how’s of HTTPS. In an Introduction to HTTPS for beginners, we cover what happens when you use the web, how HTTPS helps protect users, and examines why the web (including the U.

Read More →

Taking the Pulse of the Federal Government’s Web Presence

The U.S. federal government is launching a new project to monitor how it’s doing at best practices on the Web. A sort of health monitor for the U.S. government’s websites, it’s called Pulse and you can find it at pulse.cio.gov. Pulse is a lightweight dashboard that uses the official .gov domain list to measure two things: Analytics: Whether federal executive branch domains are participating in the Digital Analytics Program (DAP) that powers analytics.

Read More →

A New Look at the Freedom of Information Act

There are many ways the public can get information from the federal government. For example, you can check out Data.gov to find scores of datasets and APIs, agency websites for information about their work, or other important information in online FOIA Libraries. Or you can also just ask for it. Since 1966, the Freedom of Information Act, FOIA, has granted the public the right to access information from the federal government.

Read More →

Working In Public From Day 1

In the wide world of software, maybe you’ve heard someone say this, or maybe you’ve said it yourself: “I’ll open source it after I clean up the code; it’s a mess right now.” Or: “I think there are some passwords in there; I’ll get around to cleaning it out at some point.” Or simply: “No way, it’s just too embarrassing.” These feelings are totally natural, but keep a lot of good work closed that could easily have been open.

Read More →

Hot off the Press: 18F’s API Standards

We recently released the first version of our API Standards—a set of recommendations and guidelines for API production. It is our intention that every 18F API meet these standards, to help us ensure a baseline quality and consistency across all APIs we offer now and in the future. These standards guide the user-facing implementation details of an API. Wherever possible, the standards prescribe a goal instead of a specific technology.

Read More →

Top