Today, the Cybersecurity and Infrastructure Security Agency (CISA) released its inaugural Vulnerability Disclosure Policy (VDP) Platform 2022 Annual Report, highlighting the service’s progress supporting vulnerability awareness and remediation across the Federal Civilian Executive Branch (FCEB). This report showcases how agencies have used the VDP Platform—launched in July 2021—to safeguard the FCEB and support risk reduction. The VDP platform gives federal agencies a single, user-friendly interface to intake vulnerability information and to collaborate with the public researcher community for vulnerability awareness and remediation.
CISA urges FCEB agencies to review the VDP Platform 2022 Annual Report and encourages use of the platform to promote good-faith security research if they are not already doing so. By promoting an agency’s VDP to the public security researcher community, the platform benefits users by harnessing researchers’ expertise to search for and detect vulnerabilities that traditional scanning technology might not find.
CISA is actively seeking to enhance future collaborations with the public security researcher community and welcomes participation and partnership.