OMB Starts Clock on Agencies Implementing Policies to Welcome Public Security Research

NextGov: Federal agencies now have 180 days to publish and operationalize coordinated vulnerability disclosure policies aimed at encouraging ethical hackers to submit reports of weaknesses they find in government systems.

“VDPs empower agencies to crowdsource vulnerability discovery and thereby realize extraordinary return on investment,” Acting Deputy Director for Management Michael Rigas said in a press release announcing a new policy memorandum Wednesday. “This is part of an ongoing effort to improve our cyber defenses and to improve government transparency, while adopting industry-tested and cost effective measure[s] to improve federal information security programs.”

Read article