Vulnerability Disclosure Policy (VDP) Platform
Description
Public security researchers regularly identify, and enable the remediation of, vulnerabilities in products and assets around the world. CISA launched the Vulnerability Disclosure Policy (VDP) Platform in July 2021 to ensure that Federal Civilian Executive Branch (FCEB) agencies benefit from the expertise of the research community. The platform enables participating agencies to effectively implement Binding Operational Directive 20-01: Develop and Publish a Vulnerability Disclosure Policy. The VDP Platform promotes good-faith security research for improved security and coordinated vulnerability disclosure across the FCEB.
CISA’s VDP Platform helps agencies streamline day-to-day operations when disclosing and managing cyber vulnerabilities. The platform serves as the primary point of entry for receiving, triaging, and routing vulnerabilities discovered and reported by public security researchers. The VDP Platform enhances information-sharing across the FCEB by improving how agencies receive, track, analyze, report, manage, and communicate potential vulnerabilities. Agencies use the platform to take in actionable vulnerability information and collaborate with public security researchers to improve the security of their internet-accessible systems.
CISA published the VDP Platform’s inaugural report on Aug. 25, 2023, to highlight the agency’s progress in supporting vulnerability awareness and remediation across the federal enterprise during the platform’s first operational year. The VDP team is actively seeking to enhance future collaboration with the public security researcher community and welcomes partnerships. CISA looks forward to continued improvement and growth of the VDP Platform.
Any agency interested in participating or receiving additional information should contact CISA’s Cybersecurity Shared Services Office VDP Platform Team at vdpplatform@cisa.dhs.gov.
For more information on the VDP Platform, see the following resources.
VDP Platform Resources
VDP Platform Fact Sheet
VDP Platform Bug Bounty Fact Sheet