Latest content by Eric Mill
The Next Step Towards a Bug Bounty Program for the Technology Transformation Service
We took a big step toward creating a bug bounty program for our agency by issuing an award to HackerOne for a Software-as-a-Service bug-reporting platform.
DotGov Domain Registration Program to Provide HTTPS Preloading in May
Effective May 15, 2017, GSA’s DotGov Domain Registration Program will begin providing HSTS Preloading services for federal agencies. This new service helps ensure that visitor communication with .gov websites is not modified or compromised, and hostile networks cannot inject malware, tracking beacons, or otherwise monitor or change visitor interactions online.
Automatic HTTPS Enforcement for New Executive Branch .gov Domains
HTTPS is a necessary baseline for security on the modern web. Non-secure HTTP connections lack integrity protection, and can be used to attack citizens, foreign nationals, and government staff. HTTPS provides increased confidentiality, authenticity, and integrity that mitigate these attacks.
Exciting Additions to Analytics.usa.gov
We’ve expanded analytics.usa.gov to include 15(!) more agency-specific dashboard pages. We now offer agency-specific analytics data pages for a total of 25 major federal agencies, and each one is accessible from the dropdown menu at the top of the site.
Analytics.usa.gov: Now with Agency-Specific Dashboards
We’ve added agency-specific dashboards to analytics.usa.gov!
Analytics.usa.gov: New Features and More Data
As of writing this post, 25,225 of the 124,878 total visitors on federal government websites participating in the Digital Analytics Program (DAP) are NOT located in the United States. And as a result of
Secure Central Hosting for the Digital Analytics Program
The U.S. government’s Digital Analytics Program (DAP) collects Web traffic and analytics data from across the federal government.
An Introduction to HTTPS, by 18F and DigitalGov University
18F uses HTTPS for everything we make, and the U.S. government is in the process of transitioning to HTTPS everywhere. As part of this effort, we’ve recently partnered with DigitalGov University to produce a two-video series introducing the why’s and how’s of HTTPS. In an Introduction to HTTPS for beginners, we cover what happens when
Taking the Pulse of the Federal Government’s Web Presence
The U.S. federal government is launching a new project to monitor how it’s doing at best practices on the Web.
A New Look at the Freedom of Information Act
There are many ways the public can get information from the federal government. For example, you can check out Data.gov to find scores of datasets and APIs, agency websites for information about their work, or other important information in online FOIA Libraries. Or you can also just ask for it. Since 1966, the Freedom of
Working In Public From Day 1
In the wide world of software, maybe you’ve heard someone say this, or maybe you’ve said it yourself: “I’ll open source it after I clean up the code; it’s a mess right now.” Or: “I think there are some passwords in there; I’ll get around to cleaning it out at some point.” Or simply: “No
Hot off the Press: 18F’s API Standards
We recently released the first version of our API Standards—a set of recommendations and guidelines for API production. It is our intention that every 18F API meet these standards, to help us ensure a baseline quality and consistency across all APIs we offer now and in the future. These standards guide