DOD expands vulnerability disclosure program to contracting base in pilot

DOD expands vulnerability disclosure program to contracting base in pilot

Comments Off on DOD expands vulnerability disclosure program to contracting base in pilot

DOD’s Cyber Crime Center, in partnership with HackerOne, just concluded a yearlong Defense Industrial Base-Vulnerability Disclosure Program (DIB-VDP) Pilot in which it invited members of the defense industrial base to accept vulnerability disclosures on the public-facing systems. The Defense Counterintelligence and Security Agency also assisted in the pilot.

This pilot “intended to identify if similar critical and high severity vulnerabilities existed on small to medium cleared and non-cleared DIB company assets with potential risks for critical infrastructure and U.S. supply chain” Melissa Vice, interim director of the program, said in a statement Monday.

“Every organization should prioritize securing their software supply chain, but it’s even more critical for federal agencies that protect national security,” said Alex Rice, HackerOne co-founder and chief technology officer. The “DIB-VDP takes the practice a leap forward by demonstrating the efficacy of VDPs in the real world. We should all be thankful to DoD for creating this innovative operating model, proving its effective operation at scale, and then making it available for other organizations to replicate.”

Read the full article – https://www.fedscoop.com/dod-expands-vulnerability-disclosure-program-to-contracting-base-in-pilot/

Share this post

Author

Related Posts

21Sep

5 Security Strategies to Ensure Data Privacy in Healthcare

Organizations in the healthcare industry need to proactively secure... read more

27Jan

White House publishes final zero trust strategy for federal agencies

On Wednesday, The White House published a final version... read more

05Jan

Feds Step Up Cybersecurity Support for State Governments

The Cybersecurity and Infrastructure Security Agency (CISA) is establishing... read more

23Dec

The Internal Revenue Service (IRS) Is Making Progress On Securing Its Systems And Data

The Treasury Inspector General for Tax Administration released a... read more

02Jun

ExpressVPN Removes Servers in India After Refusing to Comply with Government Order

Virtual Private Network (VPN) provider ExpressVPN on Thursday announced... read more

03Jun

Weekly Cyber Roundup (June 3, 2022)

WEEKLY CYBER BYTES 📅Mandiant reports evil corp switches ransomware strain... read more

Cybersecurity news, Cyber Crime, Cyber Attack, Weekly Cyber Update
01Jul

Weekly Cyber Roundup (July 1, 2022)

Take a look at the most important cyber news... read more

24May

Web Trackers Caught Intercepting Online Forms Even Before Users Hit Submit

A new research published by academics from KU Leuven,... read more

Best-VPN-for-Cybersecurity
16Nov

5 Best VPNs for Cybersecurity

Why Use VPNs? A virtual private network (VPN) offers an... read more

31May

FBI Warns About Hackers Selling VPN Credentials for U.S. College Networks

"This exposure of sensitive credential and network access information,... read more