"CISA Wants a Vulnerability Disclosure Program At Every Agency"
The U.S. Homeland Security Department's Cybersecurity & Infrastructure Security Agency (CISA) wants a vulnerability disclosure policy in place for every federal agency. Each federal agency would be required to create a formal process for security researchers to safely and legally disclose the vulnerabilities that they discover in the agency's public-facing websites, as well as security flaws found in other IT infrastructure. The implementation of vulnerability disclosure policies would alleviate concerns among public security researchers about the violation of laws when disclosing discovered security vulnerabilities to the government. The proposed directive would require agencies to create a web-based system for receiving information from researchers about potential vulnerabilities, develop a vulnerability disclosure policy, set clear limitations regarding hacking methods, and more. This article continues to discuss the directive proposed by CISA and the importance of establishing vulnerability disclosure policies.
NextGov reports "CISA Wants a Vulnerability Disclosure Program At Every Agency"