CISA Orders Agencies to Set up Vulnerability Disclosure Programs

CISA has issued a Binding Operational Directive for agencies to establish Vulnerability Disclosure Policies that promise no legal action against white-hat hackers, allow them to submit reports anonymously, and cover at least one internet-accessible system or service. Agencies will have to gradually add systems to their VDPs until, after two years, all of an agency’s […]
Must be a Paid Member or a Free Trial Member to Access Content. Members log in here.

Read the full post at CyberScoop