The Homeland Security Department is seeking feedback on an enterprisewide vulnerability disclosure program that will make it easier for the public to report weaknesses in the agency’s IT infrastructure.
The program would allow the cybersecurity community to scour select Homeland Security systems for vulnerabilities and alert department officials to their findings without fear of punishment. The effort would bring the department up to speed with the Pentagon and General Services Administration’s tech office, which have both already established vulnerability disclosure policies.