DHS CISA directive would require vulnerability disclosure program at every agency

“The Homeland Security Department on Wednesday released a draft of a binding operational directive that would require every federal agency to create a vulnerability disclosure policy.”

“Under the measure, each civilian agency would need to create a formal process for security researchers to share vulnerabilities they uncover within the organization’s public-facing websites and other IT infrastructure. Agencies must also develop a system for reporting and closing the security gaps that are uncovered through the program.”

“Despite the growing popularity of public cyber initiatives like bug bounties, security researchers often find themselves in a legal gray area when reporting cyber weaknesses to the government. By creating vulnerability disclosure policies, agencies can set clear guardrails on legal hacking…”

“The BOD would bring the rest of the government up to speed with the Pentagon and the General Services Administration’s tech office, which have already established vulnerability disclosure programs. DHS is also in the process of finalizing its own policy…” Read the full article here.

Source: CISA Wants a Vulnerability Disclosure Program At Every Agency – By Jack Corrigan, November 27, 2019. Nextgov.


This topic contains 0 replies, has 1 voice, and was last updated by Jackie Gilbert 1 week, 5 days ago.


©2019 G2Xchange all rights reserved
