Inside Cybersecurity

October 25, 2020

CISA’s process for developing vulnerability disclosure policies needs to be reworked, researcher says

October 16, 2020 | Sara Friedman

The process outlined in a CISA binding operational directive (BOD) for developing vulnerability disclosure policies is flawed, according to a leading researcher in bug bounty programs, who argues that more preparatory work is needed.

The BOD issued on Sept. 2 required federal agencies within 30 days to enable the receipt of “unsolicited reports about potential security vulnerabilities,” prior to developing or publishing a policy, and to create an easily accessible way to find agency contacts involved....
