Homeland Security demands a 911 for reporting security holes in federal networks: 'Vulns in internet systems cause real-world impacts'

Homeland Security demands a 911 for reporting security holes in federal networks: 'Vulns in internet systems cause real-world impacts'

2020-09-03 00:58

The US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency on Wednesday ordered US federal agencies outside the defense and intelligence communities to develop a working vulnerability disclosure policy.

"An open redirect - which can be used to give off-site malicious content the appearance of legitimacy - may not be on par with a fire, yet serious vulnerabilities in internet systems cause real-world, negative impacts every day," he said.

CISA's Binding Operational Directive 20-01 aspires to simplify the reporting process.

Within 180 days, agencies must publish a vulnerability disclosure policy that describes which of its IT systems are within the policy's scope, the type of testing permitted, how to file a vulnerability report, and commitments to avoid recommending legal action for good faith reporting and to set expectations for a response.

"You can't just throw a point of contact up to solicit vulnerability reports from the public with no process behind it and expect good security as a result," she wrote in a blog post.

News URL

https://go.theregister.com/feed/www.theregister.com/2020/09/03/us_bug_bounty/

#911 #homelandsecurity #internet #security

News URL

Related news