CISA Partners with OMB to Stand Up Vulnerability Disclosure Policies at Civilian Agencies

The Cybersecurity and Infrastructure Security Agency and the Office of Management and Budget will require civilian agencies to develop vulnerability disclosure policies, allowing outside experts who have “seen something” that looks like a cyber weakness to “say something” to those who can fix it.

Under the draft binding operational directive released Wednesday, agency VDPs would make it clear that “an agency welcomes and authorizes good-faith security research on specific, internet-accessible systems,” CISA Assistant Director for Cybersecurity Jeanette Manfra wrote in a blog post.

Meanwhile, OMB will meet with executives from the Department of Homeland Security, the General Services Administration, the Commerce Department and other agencies to work on implementation strategies, as well as the benefits of leveraging bug bounty programs.

Read more at Federal News Network

Homeland Security Today

The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

See Full Bio