"VDP Platform 2022 Annual Report Showcases Platform's Success"
Security researchers are always discovering and facilitating the mitigation of vulnerabilities in products and websites. They help vendors and defenders fix problems before adversaries exploit them to inflict harm. In 2019, the US Cybersecurity and Infrastructure Security Agency (CISA) released Binding Operational Directive (BOD) 20-01, requiring federal civilian agencies to develop and publish a Vulnerability Disclosure Policy (VDP). CISA then launched a government-wide VDP Platform in July 2021 to provide federal agencies with a streamlined shared service aimed at supporting the receipt and adjudication of VDP submissions. CISA has released its first VDP Platform 2022 Annual Report, highlighting the service's progress in promoting vulnerability awareness and remediation across the federal enterprise. The VDP Platform has experienced significant growth, receiving over 1,330 unique valid disclosures, of which about 85 percent have been remediated. Through December 2022, the VDP Platform facilitated the remediation of more than 1,000 vulnerabilities, including those in CISA's known exploited vulnerabilities catalog. This article continues to discuss the success of CISA's VDP Platform.
CISA reports "VDP Platform 2022 Annual Report Showcases Platform's Success"