DOD expands vulnerability disclosure program to contracting base in pilot
DOD’s Cyber Crime Center, in partnership with HackerOne, just concluded a yearlong Defense Industrial Base-Vulnerability Disclosure Program (DIB-VDP) Pilot in which it invited members of the defense industrial base to accept vulnerability disclosures on their public-facing systems. The Defense Counterintelligence and Security Agency also assisted in the pilot.
This pilot “intended to identify if similar critical and high severity vulnerabilities existed on small to medium cleared and non-cleared DIB company assets with potential risks for critical infrastructure and U.S. supply chain,” Melissa Vice, interim director of the program, said in a statement Monday.
“Every organization should prioritize securing their software supply chain, but it’s even more critical for federal agencies that protect national security,” said Alex Rice, HackerOne co-founder and chief technology officer. The “DIB-VDP takes the practice a leap forward by demonstrating the efficacy of VDPs in the real world. We should all be thankful to DoD for creating this innovative operating model, proving its effective operation at scale, and then making it available for other organizations to replicate.”
Read the full article – https://www.fedscoop.com/dod-expands-vulnerability-disclosure-program-to-contracting-base-in-pilot/