CISA Announces Vulnerability Disclosure Policy (VDP) Platform
CISA has announced the establishment of its Vulnerability Disclosure Policy (VDP) Platform for the federal civilian enterprise, which will allow the Federal Civilian Executive Branch to coordinate with the civilian security research community in a streamlined fashion. The VDP Platform provides a single, centrally managed website that agencies can leverage as the primary point of entry for intaking, triaging, and routing vulnerabilities disclosed by researchers. It enables researchers and members of the general public to find vulnerabilities in agency websites and submit reports for analysis.
This new platform allows agencies to gain greater insights into potential vulnerabilities, which will improve their cybersecurity posture. This approach also means agencies no longer need to develop separate systems to enable vulnerability reporting and triage of identified vulnerabilities, providing government-wide cost savings that CISA estimates at over $10 million.
For more details, see the blog post by CISA’s Executive Assistant Director for Cybersecurity, Eric Goldstein.