The U.S. Cybersecurity and Infrastructure Security Agency (CISA) today announced that it has partnered with the crowdsourced cybersecurity community for the launch of its vulnerability disclosure policy (VDP) platform.
Working in collaboration with bug bounty platform Bugcrowd and government technology contractor Endyna, CISA introduced its VDP platform to help Federal Civilian Executive Branch (FCEB) agencies identify and address vulnerabilities in critical systems.
The platform was launched in support of Binding Operational Directive (BOD) 20-01, through which the Department of Homeland Security (DHS) instructed all federal agencies to develop and publish a vulnerability disclosure policy.
Courtesy of the new initiative, FCEB agencies will have the opportunity to coordinate with the civilian hacker community to identify and monitor vulnerabilities in their systems.
In addition to taking advantage of the CISA-funded VDP platform service, FCEB agencies can also implement their own bug bounty programs powered by Bugcrowd and Endyna, which has been awarded a one-year contract to provide a Software-as-a-service (SaaS) component for the platform.
The VDP platform service will provide vulnerability and user management and will also perform administrative and support operations. Centrally managed by CISA’s Cybersecurity Quality Services Management Office (Cyber QSMO), it will also facilitate the sharing of vulnerability information across agencies.
“CISA’s Vulnerability Disclosure Policy (VDP) Platform will support agencies with the option to use a centrally-managed system to intake vulnerability information from and collaborate with the public to improve the security of the agency’s internet-accessible systems. In furtherance of CISA’s issuance of Binding Operational Directive (BOD) 20-01, CISA’s Platform aims to promote good faith security research, ultimately resulting in improved security and coordinated disclosure across the federal civilian enterprise,” CISA says.
Related: DOD Expands Vulnerability Disclosure Program to Web-Facing Targets
Related: UK’s NCSC Publishes Guide to Implementing a Vulnerability Disclosure Process

More from Ionut Arghire
- Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager
- Zoom Paid Out $3.9 Million in Bug Bounties in 2022
- Malicious NuGet Packages Used to Target .NET Developers
- Google Pixel Vulnerability Allows Recovery of Cropped Screenshots
- Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes
- NBA Notifying Individuals of Data Breach at Mailing Services Provider
- Adobe Acrobat Sign Abused to Distribute Malware
- Latitude Financial Services Data Breach Impacts 300,000 Customers
Latest News
- Google Suspends Chinese Shopping App Amid Security Concerns
- Verosint Launches Account Fraud Detection and Prevention Platform
- Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager
- Zoom Paid Out $3.9 Million in Bug Bounties in 2022
- Oleria Scores $8M Seed Funding for ID Authentication Technology
- Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant
- News Analysis: UK Commits $3 Billion to Support National Quantum Strategy
- Malicious NuGet Packages Used to Target .NET Developers
