A VDP allows people who have “seen something” to “say something” to those who can fix it. It makes clear that an organization welcomes and authorizes good faith security research on specific, internet-accessible systems.
Prikaži ovu nit
When things are easier to do, more people will do them. Reporting vulnerabilities shouldn’t be hard. That’s why we issued a draft directive that will require most agencies in the executive branch to publish a vulnerability disclosure policy, or VDP. https://go.usa.gov/xpnFT
-
-
-
For this directive, we’re seeking feedback from the public before the directive is mandatory – something we’ve never done before – and we want to hear from individuals and organizations with expertise in vulnerability disclosure.
Prikaži ovu nit -
The public comment is open until Dec 27th, 11:59pm EST. https://cyber.dhs.gov/bod/20-01/
Prikaži ovu nit
Kraj razgovora
Novi razgovor -
-
-
In addition to being easier is also lack of knowledge for protocol vulnerabilities. Sometimes as simple as UPNP or MFA. This venture will should prevent people from retaliation if they do speak up. Lives have already be severely devastated. Brilliant move to implement.
-
And yes, I’ve seen UPNP enabled in CI environments.
Kraj razgovora
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.