Enhance cybersecurity awareness and survivability for DoD, industry partners, and academia in the face of the ever-increasing threat of cyber attacks. Cybersecurity (CS) includes managing risks related to the use, processing, storage, and transmission of information and the systems and processes used for those purposes, including analog and physical form. CS includes information availability, identification and authentication, confidentiality, integrity, and non-repudiation as well as the economic considerations with respect to selection of CS techniques, CS processes, and industry trends.
Federal Agencies Ordered to Make it Easier for Hackers to File Bug Reports
This is a great article from pcmag.com. As many ‘good samaritan’ hackers know, the absence of a clearly defined Vulnerability Disclosure Policy (VDP) among various federal agencies proves quite difficult when we simply want to do our ‘due diligence’ and report a bug. Unless the bug is of immediate concern, many federal agencies either ignore the problem altogether or add it to the huge backlog of issues that will probably be assigned to an intern or rookie staff member. This, in turn, could unnecessarily place both public and classified data at risk.
To address these deficiencies, the Cybersecurity and Infrastructure Security Agency (CISA) (cisa.gov), a branch of the Department of Homeland Security, has ordered all registered .GOV domains to develop and implement a security response plan to develop formal guidelines for bug reporting. The deadline for this is tentatively set for 03/2021.
All federal agencies are supposed to publish their VDPs at [agency].gov/vulnerability-disclosure-policy. I am interested to see how my favorite agencies, fbi.gov and cia.gov, respond to this request! -RME