CISA Launches New Vulnerability Disclosure Policy Platform

The VDP platform provides a single website where agencies can intake, triage, and route the vulnerabilities that researchers disclose.

The Department of Homeland Securitys Cybersecurity and Infrastructure Security Agency (CISA) has debuted its vulnerability disclosure policy (VDP) platform for the federal civilian enterprise.
Its launch of the VDP follows last falls release of the Binding Operational Directive (BOD 20-01), issued in support of the Office of Management and Budgets M-20-32, Improving Vulnerability Identification, Management, and Remediation. BOD 20-01 requires agencies to establish policies that enable the public to contribute and report vulnerability disclosures.
CISAs platform, run on Bugcrowd and EnDyna, is the newest shared service from CISAs Cyber Quality Services Management Office (QSMO). It provides a single and centrally managed website where agencies can list systems in scope for their vulnerability disclosure policies. On the
platform
, security researchers and members of the public can find flaws in agency websites and submit their reports for analysis. Among the agencies using the platform from the start are the Department of Homeland Security, Department of Labor, and Department of Interior.
This approach is also a cost-saving measure, notes Eric Goldstein, executive assistant director of cybersecurity at CISA, in a blog post on the news. Use of a single platform means agencies no longer need to develop their own disparate systems to enable bug reporting and triage.
The platform encourages collaboration and information sharing between the public and private sectors by allowing uniquely skilled researchers to submit vulnerability reports, which agencies will use to understand and address vulnerabilities that were previously unidentified, he writes. BugCrowd and EnDyna will conduct an initial assessment of submitted reports, he notes, freeing up agencies resources to focus on those reports that have real impact.
Read Goldsteins
full blog post
for more details.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
CISA Launches New Vulnerability Disclosure Policy Platform