Every day, security researchers find vulnerabilities in products and assets around the world and enable their remediation. CISA launched the Vulnerability Disclosure Policy (VDP) Platform in July 2021 to ensure that federal civilian executive branch agencies benefit from the expertise of the research community and effectively implement Binding Operational Directive 20-01, "Develop and Publish a Vulnerability Disclosure Policy." The VDP Platform promotes good-faith security research for improved security and coordinated vulnerability disclosure across the Federal Civilian Executive Branch (FCEB).
CISA’s VDP Platform helps agencies streamline day-to-day operations when disclosing and managing cyber vulnerabilities. The Platform serves as the primary point of entry for receiving, triaging, and routing vulnerabilities disclosed by public researchers. The VDP Platform enhances information-sharing across the FCEB by improving how agencies receive, track, analyze, report, manage, and communicate potential vulnerabilities. Agencies use the VDP Platform to receive actionable vulnerability information and collaborate with the public to improve the security of their internet-accessible systems.
On Aug 25, 2023, CISA published its inaugural report, VDP Platform 2022 Annual Report, highlighting the agency's progress supporting vulnerability awareness and remediation across the federal enterprise. We are actively seeking to enhance future collaborations with the public security researcher community and welcome participation and partnership. CISA looks forward to the continued improvement and growth of the VDP Platform through 2023 and beyond.
Any agency interested in participating or receiving additional information should contact CISA’s Cybersecurity Shared Services Office VDP Platform Team at email@example.com.
For more information on the VDP Platform, please reference the following resources.