CISA Launches New Vulnerability Disclosure Policy Platform

Published: 23/11/2024   Category: security




The VDP platform provides a single website where agencies can intake, triage, and route the vulnerabilities that researchers disclose.



The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has debuted its vulnerability disclosure policy (VDP) platform for the federal civilian enterprise.
Its launch of the VDP follows last fall's release of the Binding Operational Directive (BOD 20-01), issued in support of the Office of Management and Budget's M-20-32, "Improving Vulnerability Identification, Management, and Remediation." BOD 20-01 requires agencies to establish policies that enable the public to contribute and report vulnerability disclosures.
CISA's platform, run on Bugcrowd and EnDyna, is the newest shared service from CISA's Cyber Quality Services Management Office (QSMO). It provides a single and centrally managed website where agencies can list systems in scope for their vulnerability disclosure policies. On the platform, security researchers and members of the public can find flaws in agency websites and submit their reports for analysis. Among the agencies using the platform from the start are the Department of Homeland Security, Department of Labor, and Department of Interior.
This approach is also a cost-saving measure, notes Eric Goldstein, executive assistant director of cybersecurity at CISA, in a blog post on the news. Use of a single platform means agencies no longer need to develop their own disparate systems to enable bug reporting and triage.
The platform encourages collaboration and information sharing between the public and private sectors by allowing uniquely skilled researchers to submit vulnerability reports, which agencies will use to understand and address vulnerabilities that were previously unidentified, he writes. Bugcrowd and EnDyna will conduct an initial assessment of submitted reports, he notes, freeing up agencies' resources to focus on those reports that have real impact.
Read Goldstein's full blog post for more details.
