Security News > 2021 > June > CISA Announces Vulnerability Disclosure Policy Platform
The U.S. Cybersecurity and Infrastructure Security Agency today announced that it has partnered with the crowdsourced cybersecurity community for the launch of its vulnerability disclosure policy platform.
Working in collaboration with bug bounty platform Bugcrowd and government technology contractor Endyna, CISA introduced its VDP platform to help Federal Civilian Executive Branch agencies identify and address vulnerabilities in critical systems.
The platform was launched in support of Binding Operational Directive 20-01, through which the Department of Homeland Security instructed all federal agencies to develop and publish a vulnerability disclosure policy.
In addition to taking advantage of the CISA-funded VDP platform service, FCEB agencies can also implement their own bug bounty programs powered by Bugcrowd and Endyna, which has been awarded a one-year contract to provide a Software-as-a-service component for the platform.
The VDP platform service will provide vulnerability and user management and will also perform administrative and support operations.
"CISA's Vulnerability Disclosure Policy Platform will support agencies with the option to use a centrally-managed system to intake vulnerability information from and collaborate with the public to improve the security of the agency's internet-accessible systems. In furtherance of CISA's issuance of Binding Operational Directive 20-01, CISA's Platform aims to promote good faith security research, ultimately resulting in improved security and coordinated disclosure across the federal civilian enterprise," CISA says.