CISA sees progress across agencies in implementing mandate to stand up vulnerability disclosure policies

Over 90 percent of federal agencies met the first deadline under CISA’s binding operational directive on creating vulnerability disclosure policies, which the cyber agency sees as a priority element in securing U.S. government networks as well as providing a roadmap for private-sector entities to establish their own VDP policies.

Vulnerability disclosure was the subject of two presentations Wednesday at the start of the NIST Information Security and Privacy Advisory Board two-day meeting. NIST’s Charles Romine also delivered a presentation...