Original release date: September 3, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) has released Binding Operational Directive (BOD) 20-01, Develop and Publish a Vulnerability Disclosure Policy (VDP). BOD 20-01 requires each federal agency to publish a VDP. Publication of agency VDPs will make it easier for users to report vulnerabilities they find in the Federal Government’s internet-accessible systems. CISA released a draft version of BOD 20-01 for public comment in December 2019 and incorporated many of the received suggestions in the final version.

CISA encourages users to review BOD 20-01 and the CISA blog post, Improving Vulnerability Disclosure Together (Officially) for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

Read More

Suggestions?

2 + 6 =

From the blog:

Skip to toolbar