Critical Update

Why a Government Vulnerability Disclosure Program Is a Big Deal



Can federal agencies and hackers work together to improve security? Vulnerability disclosure programs—a path for security researchers, a.k.a. hackers, to report bugs and issues—are old hat to the tech industry but would be new ground for most of the U.S. federal government. The Cybersecurity and Infrastructure Security Agency has been working on a directive for such a program, though public comments show an uneasiness from some federal officials. Nextgov spoke to some seasoned vulnerability disclosure coordinators, and Rep. Jim Langevin, D-R.I., to get a deeper understanding of what’s behind the pending policy and give implementers a glimpse of what lies in store.