National Cyber Awareness System: CISA Releases Draft of Binding Operational Directive on Developing a Vulnerability Disclosure Policy
12/02/2019 11:02 AM EST
Original release date: December 2, 2019
The Cybersecurity and Infrastructure Security Agency (CISA) has released a draft of Binding Operational Directive (BOD) 20-01, Develop and Publish a Vulnerability Disclosure Policy. BOD 20-01 will require each federal agency to publish a vulnerability disclosure policy (VDP). CISA has posted the draft directive for public feedback. The deadline for submitting comments is 11:59 PM EST on December 27, 2019. CISA encourages users and administrators to review the CISA blog post, Improving Vulnerability Disclosure Together, and draft BOD 20-01 for more information. CISA encourages feedback on draft BOD 20-01 from individuals with personal or institutional expertise in vulnerability disclosure and from organizations that have a VDP and manage coordinated vulnerability disclosures. |
CISA Releases Draft of Binding Operational Directive on Developing a Vulnerability Disclosure Policy
You must log in to post a comment.