Daily Briefs

Justice Department issues framework on vulnerability disclosures

August 02, 2017 |
Bookmark and Share

The Department of Justice’s Cybersecurity Unit has issued a framework to assist organizations in creating a voluntary coordinated cyber vulnerability disclosure program.

DOJ announced the new framework on Tuesday, laying out best practices for companies to accept information about security vulnerabilities and how they may disclose vulnerability reports to affected parties and the public.

“The Criminal Division’s Cybersecurity Unit has prepared this framework to assist organizations interested in instituting a formal vulnerability disclosure program,” the framework states. “It provides...


Not a subscriber? Sign up for 30 days free access to exclusive, behind-the-scenes reporting on cybersecurity policy under the Trump administration.

Log in to access this content.