Improving Vulnerability Disclosure Together (Officially)

An open redirect – which can be used to give off-site malicious content the appearance of legitimacy – may not be on par with a fire, yet serious vulnerabilities in internet systems cause real-world, negative impacts every day. In many instances, a trained eye can spot critical deficiencies and yet have no one to report them to. It shouldn’t be hard to tell the government of potential cybersecurity issues — but it will be unless we’re intentional about making it easier.

CISA Releases Binding Operational Directive with New Requirements for Remediating Critical and High Vulnerabilities

Today, Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher Krebs issued Binding Operational Directive (BOD) 19-02, Vulnerability Remediation Requirements for Internet-Accessible Systems, to enhance federal agencies’ coordinated approach to ensuring effective and timely remediation of critical and high vulnerabilities in information systems.