CISA has released its inaugural Vulnerability Disclosure Policy (VDP) Platform 2022 Annual Report, highlighting the service’s progress supporting vulnerability awareness and remediation across the Federal Civilian Executive Branch (FCEB). This report showcases how agencies have used the VDP Platform—launched in July 2021—to safeguard the FCEB and support risk reduction. The VDP Platform gives federal agencies a single, user-friendly interface to intake vulnerability information and to collaborate with the public researcher community for vulnerability awareness and remediation. Read more at CISA.
Analyst Comment (Jennifer Lyn Walker): While this report and policy are in regard to FCEB, cyber-mature utilities may find it valuable to undertake such a program. Likewise, Vulnerability Disclosure/Reporting is included in CISA's Cross-Sector Cybersecurity Performance Goals (CPGs), recommending that organizations maintain a public, easily discoverable method for security researchers to notify organizations' security teams of vulnerable, misconfigured, or otherwise exploitable assets.