SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

CISA Announces Vulnerability Disclosure Policy Platform

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) today announced that it has partnered with the crowdsourced cybersecurity community for the launch of its vulnerability disclosure policy (VDP) platform.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) today announced that it has partnered with the crowdsourced cybersecurity community for the launch of its vulnerability disclosure policy (VDP) platform.

Working in collaboration with bug bounty platform Bugcrowd and government technology contractor Endyna, CISA introduced its VDP platform to help Federal Civilian Executive Branch (FCEB) agencies identify and address vulnerabilities in critical systems.

The platform was launched in support of Binding Operational Directive (BOD) 20-01, through which the Department of Homeland Security (DHS) instructed all federal agencies to develop and publish a vulnerability disclosure policy.

Courtesy of the new initiative, FCEB agencies will have the opportunity to coordinate with the civilian hacker community to identify and monitor vulnerabilities in their systems.

In addition to taking advantage of the CISA-funded VDP platform service, FCEB agencies can also implement their own bug bounty programs powered by Bugcrowd and Endyna, which has been awarded a one-year contract to provide a Software-as-a-service (SaaS) component for the platform.

The VDP platform service will provide vulnerability and user management and will also perform administrative and support operations. Centrally managed by CISA’s Cybersecurity Quality Services Management Office (Cyber QSMO), it will also facilitate the sharing of vulnerability information across agencies.

“CISA’s Vulnerability Disclosure Policy (VDP) Platform will support agencies with the option to use a centrally-managed system to intake vulnerability information from and collaborate with the public to improve the security of the agency’s internet-accessible systems. In furtherance of CISA’s issuance of Binding Operational Directive (BOD) 20-01, CISA’s Platform aims to promote good faith security research, ultimately resulting in improved security and coordinated disclosure across the federal civilian enterprise,” CISA says.

Related: DOD Expands Vulnerability Disclosure Program to Web-Facing Targets

Advertisement. Scroll to continue reading.

Related: UK’s NCSC Publishes Guide to Implementing a Vulnerability Disclosure Process

Related: NSA, DHS Issue Guidance on Protective DNS

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

More from

Latest News

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Virtual Event: Threat Detection and Incident Response Summit
May 21, 2025

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Webinar: Which Security Testing Approach is Right for You?
March 25, 2025

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Security awareness training firm KnowBe4 has named Bryan Palma as president and CEO effective May 5.

Threat intelligence firm Team Cymru has appointed Joe Sander as its Chief Executive Officer.

Madhu Gottumukkala has been named Deputy Director of the cybersecurity agency CISA.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.