US Federal systems must be covered by vulnerability-disclosure policies by March 2021:
A new Cybersecurity and Infrastructure Security Agency (CISA) mandate requires U.S. agencies to implement vulnerability-disclosure policies by March 2021.
The Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive 20-01 on September 2, 2020. It requires federal civilian executive-branch agencies to develop and publish a vulnerability-disclosure policy (VDP) within 180 days, i.e., by March 2021.
A VDP tells the public which of an agency's internet-accessible systems are in scope, what kinds of testing are permitted, how to submit a report, and what the reporter can expect in return. Under the directive, each agency's policy must also commit the agency not to recommend or pursue legal action against anyone who makes a good-faith effort to follow it.
The move gives government agencies a formal channel through which security researchers and white-hat hackers can report vulnerabilities in agency infrastructure.
Vulnerability-disclosure policies improve the resiliency of the government's infrastructure by encouraging meaningful collaboration between federal agencies and the public.
Link to the Binding Operational Directive 20-01.
(Score: 2) by DannyB on Thursday September 10 2020, @07:45PM
So I take it that if you report a vulnerability in a federal computer system, it is not a crime to report such a vulnerability?
Does that extend to other servers [wikipedia.org] holding classified information?
"Hey, Hillary! Your private email server isn't using encrypted email. Just sayin' Get a digital certificate maybe."
Is it okay to disclose this vulnerability information to the public before the problem is fixed? If so, then replace the word "affordable manner" with "hackable manner". Or maybe they mean lower Total Cost of Pwnership.
Is there a chemotherapy treatment for excessively low blood alcohol level?
(Score: 0) by Anonymous Coward on Thursday September 10 2020, @07:56PM
You frauds could stop buying slaveware with extorted money.