U.S. Agencies Must Adopt Vulnerability-Disclosure Policies by March 2021
A new CISA mandate requires U.S. agencies to implement vulnerability-disclosure policies by March 2021. The policies will give ethical hackers clear guidelines for submitting bugs that they uncover in government systems. At present, federal agencies largely lack a formal policy for receiving information about severe vulnerabilities and disclosing those issues to the public.
Under the new directive, U.S. agencies will be required to publish policies detailing which systems are in scope, the type of testing allowed, and how ethical hackers can submit their vulnerability reports. The initiative aims to create a more secure space for ethical hackers by giving them a clear set of guidelines on vulnerability disclosure when dealing with government entities.