CISA to Improve Vulnerability Disclosure Practices
The Cybersecurity and Infrastructure Security Agency (CISA) issued a draft binding operational directive, BOD 20-01, which will require federal civilian executive branch agencies to publish a vulnerability disclosure policy (VDP).