From Wikipedia, the free encyclopedia

BlueHat (also Blue Hat or Blue-Hat) is a term for outside computer security consulting firms that are employed to bug-test a system prior to its launch, looking for exploits so they can be closed. In particular, Microsoft uses the term to refer to the computer security professionals it invited to find vulnerabilities in its products, such as Windows.[1][2][3]

Blue Hat Microsoft Hacker Conference

The Blue Hat Microsoft Hacker Conference is an event intended to open communication between Microsoft engineers and hackers. The event has led to both mutual understanding and the occasional confrontation. Microsoft developers were visibly uncomfortable when Metasploit was demonstrated.[4]

Blue Hats and FedRAMP

On September 5, 2012, Homeland Security Consultants received Third Party Assessment Organization (3PAO) accreditation from the Federal Risk and Authorization Management Program (FedRAMP)[5] to provide security assessment and continuous monitoring for cloud products and services. Homeland Security Consultants leveraged members of the Blue Hat community to develop the penetration test plan used for the winning 3PAO FedRAMP Conformance Package.[6] Currently, Blue Hats are incorporated in Homeland Security Consultants' FedRAMP Security Assessment team to provide various services to assess the security of Cloud Service Providers (CSPs).


  1. "Blue hat hacker Definition". PC Magazine Encyclopedia. Retrieved 31 May 2010. A security professional invited by Microsoft to find vulnerabilities in Windows.
  2. Fried, Ina (June 15, 2005). "'Blue Hat' summit meant to reveal ways of the other side". Microsoft meets the hackers. CNET News. Retrieved 31 May 2010.
  3. Markoff, John (October 17, 2005). "At Microsoft, Interlopers Sound Off on Security". New York Times. Retrieved 31 May 2010.
  4. Fried, Ina (staff writer). "Microsoft Meets the Hackers". CNET News.
  5. Stegon, David (staff writer). "GSA names new FedRAMP 3PAO". FedScoop.
  6. FedRAMP Program Management Office (PMO). "FedRAMP 3PAO Requirements".