Aug 02 2021

CISA launches US federal vulnerability disclosure platform

Category: cyber security | DISC @ 8:15 am

“Through this crowdsourcing platform, Federal Civilian Executive Branch (FCEB) agencies will now be able to coordinate with the security research community in a streamlined fashion and those reporting incidents enjoy a single, usable website to facilitate submission of findings. The platform encourages collaboration and information sharing between the public and private sectors by allowing uniquely skilled researchers to submit vulnerability reports, which agencies will use to understand and address vulnerabilities that were previously unidentified,” Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA, explained.

The VDP platform

Binding Operational Directive 20-01, released in September 2020, mandates that all FCEB agencies must develop and publish a vulnerability disclosure policy.

At the moment, this newly established VDP platform collects eleven vulnerability disclosure programs, published by the:

  • Federal Communications Commission (FCC)
  • Department of Homeland Security (DHS)
  • National Labor Relations Board (NLRB)
  • Federal Retirement Thrift Investment Board (FRTIB)
  • Millennium Challenge Corporation (MCC)
  • Department of Agriculture (USDA)
  • Department of Labor (DOL)
  • Privacy and Civil Liberties Oversight Board (PCLOB)
  • Equal Employment Opportunity Commission (EEOC)
  • Occupational Safety and Health Review Commission (OSHRC)
  • Court Services and Offender Supervision Agency (CSOSA)

This newly established VDP platform is run by Bugcrowd, a bug bounty and vulnerability disclosure company, and EnDyna, a government contractor that provides science and technology-based solutions to several US federal agencies.

CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY: Actions Needed to Ensure Organizational Changes Result in More Effective Cybersecurity for Our Nation by [United States Government Accountability Office]

Tags: CISA, Cybersecurity and Infrastructure Security Agency
