CISA partners with OMB to stand up vulnerability disclosure policies at civilian agencies

Federal News Network: The Cybersecurity and Infrastructure Security Agency and the Office of Management and Budget will require civilian agencies to develop vulnerability disclosure policies, allowing outside experts who have “seen something” that looks like a cyber weakness to “say something” to those who can fix it.

Under the draft binding operational directive released Wednesday, agency VDPs would make it clear that “an agency welcomes and authorizes good-faith security research on specific, internet-accessible systems,” CISA Assistant Director for Cybersecurity Jeanette Manfra wrote in a blog post.

Read article