Justice Department issues framework on vulnerability disclosures

The Department of Justice’s Cybersecurity Unit has issued a framework to assist organizations in creating a voluntary coordinated cyber vulnerability disclosure program.

DOJ announced the new framework on Tuesday, laying out best practices for companies to accept information about security vulnerabilities and how they may disclose vulnerability reports to affected parties and the public.

“The Criminal Division’s Cybersecurity Unit has prepared this framework to assist organizations interested in instituting a formal vulnerability disclosure program,” the framework states. “It provides...