"Sen. Warner Says DoD Must Strengthen Cyber Vulnerability Disclosure Programs"

In a letter to Dana Deasy, CIO of the Department of Defense (DoD), US Senator Mark Warner (D-VA) drew further attention to the importance of vulnerability disclosure programs. News of the discovery of malware on a DoD-operated web server, and of how it was reported, prompted Warner to write the letter. The security researcher who discovered the malware, which exploited a security misconfiguration, shared the finding through a vulnerability disclosure program. According to current reports, the malware was a component of a cryptocurrency-mining botnet. The incident highlights the importance of programs that allow security researchers to safely and legally disclose the vulnerabilities they find in information technology products operated by Federal agencies. Proper disclosure of security bugs and vulnerabilities in Federal information technology systems speeds up response and strengthens the cybersecurity of Federal and DoD systems. The article goes on to discuss the discovery of malware on a DoD web server, the disclosure of this malware, the value of vulnerability disclosure programs, the Internet of Things Cybersecurity Improvement Act, and the importance of improving cloud security.

MeriTalk reports "Sen. Warner Says DoD Must Strengthen Cyber Vulnerability Disclosure Programs"

 
