CISA Announces US Federal Vulnerability Disclosure Platform

Bug hunters who want to help the US federal government protect its online assets can now find all the relevant information on the Vulnerability Disclosure Policy (VDP) platform provided by the Cybersecurity and Infrastructure Security Agency (CISA).

“Through this crowdsourcing platform, Federal Civilian Executive Branch (FCEB) agencies will be able to coordinate with the security research community in a streamlined manner and will make the submission of findings simple through a single available website. This platform allows researchers with unique skills to submit vulnerability reports, promoting collaboration and information sharing between the public and private sectors, and allowing agencies to understand and address previously unidentified vulnerabilities,” Eric Goldstein, CISA’s Executive Assistant Director for Cybersecurity, explained.

VDP platform

Binding Operational Directive 20-01, issued in September 2020, mandates that all FCEB agencies develop and publish a vulnerability disclosure policy.

At the moment, the newly established VDP platform hosts the vulnerability disclosure programs published by 11 agencies:

  • Federal Communications Commission (FCC)
  • Department of Homeland Security (DHS)
  • National Labor Relations Board (NLRB)
  • Federal Retirement Thrift Investment Board (FRTIB)
  • Millennium Challenge Corporation (MCC)
  • Department of Agriculture (USDA)
  • Department of Labor (DOL)
  • Privacy and Civil Liberties Oversight Board (PCLOB)
  • Equal Employment Opportunity Commission (EEOC)
  • Occupational Safety and Health Review Commission (OSHRC)
  • Court Services and Offender Supervision Agency (CSOSA)

The platform is run by Bugcrowd, a bug bounty and vulnerability disclosure company, and EnDyna, a government contractor that provides science- and technology-based solutions to several US federal agencies.

Both companies will perform initial triage of submitted vulnerability reports, so that agencies can focus on the reports that are “actually impacting” them, Goldstein said.

Each program describes the scope, guidelines, and expectations for the internet-accessible information systems, applications (both web and mobile), and websites that the agency owns, operates, or controls.

In general, the agencies say that bug hunters must refrain from physical testing of facilities, social engineering and other non-technical vulnerability testing, and from any test that could compromise or degrade access to systems and data (DoS, resource exhaustion, brute-force testing, etc.).

“This new platform gives agencies deeper insight into potential vulnerabilities, which improves their cybersecurity posture. This approach also allows for significant cost savings across government, because agencies no longer have to develop their own separate systems to enable reporting and triage of identified vulnerabilities,” Goldstein concluded.
