"CISA Launches US Federal Vulnerability Disclosure Platform"
Bug hunters who want to help the US federal government secure its online assets can now source all the relevant information from a vulnerability disclosure policy (VDP) platform offered by the Cybersecurity and Infrastructure Security Agency (CISA).

In September 2020, Binding Operational Directive 20-01 was released, mandating that all FCEB agencies develop and publish a vulnerability disclosure policy.

At the moment, the newly established VDP platform collects eleven vulnerability disclosure programs, published by the Federal Communications Commission (FCC), Department of Homeland Security (DHS), National Labor Relations Board (NLRB), Federal Retirement Thrift Investment Board (FRTIB), Millennium Challenge Corporation (MCC), Department of Agriculture (USDA), Department of Labor (DOL), Privacy and Civil Liberties Oversight Board (PCLOB), Equal Employment Opportunity Commission (EEOC), Occupational Safety and Health Review Commission (OSHRC), and Court Services and Offender Supervision Agency (CSOSA).

The platform is run by BugCrowd, a bug bounty and vulnerability disclosure company, and EnDyna, a government contractor that provides science and technology-based solutions to several US federal agencies.

Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, explained that the new platform allows agencies to gain more significant insight into potential vulnerabilities, thereby improving their cybersecurity posture. Goldstein also stated that this approach enables significant government-wide cost savings, as agencies no longer need to develop their own separate systems to enable reporting and triage of identified vulnerabilities.
Help Net Security reports: "CISA Launches US Federal Vulnerability Disclosure Platform"