"DHS, GSA Propose Centralized Vulnerability Disclosure Platform"

The Department of Homeland Security (DHS) and the General Services Administration (GSA) recently issued a request for information, asking for feedback on how to set up a cloud-based centralized vulnerability disclosure platform for the federal government. The platform will facilitate the submission of vulnerabilities found in government agencies' internet-accessible systems by security researchers. The central platform will also track and validate incoming reports as well as allow web-based communication between reporters and agencies in efforts to remediate vulnerabilities. The system is essential as most federal agencies do not have formal mechanisms in place to receive reports from security researchers on potential security vulnerabilities contained by their systems. This article continues to discuss the proposed centralized vulnerability disclosure platform, the lack of defined strategies for managing vulnerability disclosure reports in most federal agencies, and concerns about the legal protection of security researchers.

FCW reports "DHS, GSA Propose Centralized Vulnerability Disclosure Platform"