● Importantworld1 outlet covering thisCalibrating

Establishing a Coordinated Vulnerability Disclosure Program to Work With Security Researchers

First publishedJul 15, 12:00 UTC
Last updatedJul 15, 20:17 UTC · just now ago
11 outletCISA
1 outlets over time — hover a bar for its window & outletslast updated
● Story signals

How strong is this topic?

6.4/10Significanceimpact & urgency
9.0/10Source trustoutlet authority
1Outletsindependent sources

Significance weighs impact, urgency & coverage breadth · Source trust is the outlets' average authority · more outlets means a more confirmed story.

Answer

Developed by CISA, the National Security Agency (NSA) and international partners, this joint guidance contains best practices for software manufacturers and online service providers to design and implement a coordinated vulnerability disclosure (CVD) program for working with external security researchers that includes a clear vulnerability disclosure policy (VDP) and process for triaging, remediating and assigning Common Vulnerabilities and Exposures (CVE) identifiers to reported vulnerabilities. The guidance also provides considerations for leveraging third-party intermediaries, like CISA or other national computer security incident response teams, to substitute or supplement a CVD program.

Reported by 1 outlet CISA. See all sources ↓

Developed by CISA, the National Security Agency (NSA) and international partners, this joint guidance contains best practices for software manufacturers and online service providers to design and implement a coordinated vulnerability disclosure (CVD) program for working with external security researchers that includes a clear vulnerability disclosure policy (VDP) and process for triaging, remediating and assigning Common Vulnerabilities and Exposures (CVE) identifiers to reported vulnerabilities. The guidance also provides considerations for leveraging third-party intermediaries, like CISA or other national computer security incident response teams, to substitute or supplement a CVD program. By implementing a robust CVD program aligned with this guidance, organizations can work transparently and collaboratively with security researchers to remediate vulnerabilities, build constructive relationships, enhance product security while improving vulnerability management processes, and demonstrate their dedication to protecting customers.

Read the full report at CISA

Why it matters

A world story we're tracking; its significance and source trust firm up as more outlets confirm it.

In brief
What's the story?
Developed by CISA, the National Security Agency (NSA) and international partners, this joint guidance contains best practices for software manufacturers and online service providers to design and implement a coordinated vulnerability disclosure (CVD) program for working with external security researchers that includes a clear vulnerability disclosure policy (VDP) and process for triaging, remediating and assigning Common Vulnerabilities and Exposures (CVE) identifiers to reported vulnerabilities. The guidance also provides considerations for leveraging third-party intermediaries, like CISA or other national computer security incident response teams, to substitute or supplement a CVD program.
How widely is it covered?
1 outlet, average source rating 9.0/10.
When was it last updated?
just now ago.
Different angles across outlets
Coverage map

How outlets are framing the same story

Here's how each outlet is covering the story — compare their headlines and timing at a glance.

  • Coverage card1 outlet
    1Coverage
    Scouting report

    Establishing a Coordinated Vulnerability Disclosure Program to Work With Security Researchers

    Sources1
    TypeCoverage
    CISA
Related in the knowledge graph
Sources (1)
Avg source rating 9.0/10
Processing cluster
A1A2A3B1B2B3
Share this article
Summarize with AI (opens AI chat with article URL · Gemini: prompt copied to clipboard)