DHS to Require Federal Agencies to Set Vulnerability Disclosure Policies

The US government will require each civilian agency to create a public policy for software-vulnerability disclosure, as well as a strategy for handling any potential security weaknesses reported by researchers. In a statement posted online, the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) raised concerns that most civilian agencies’ lack of disclosure policies will lead to confusion, a lack of faith that issues are getting fixed, and the fear of potential legal action.

Read full article on Dark Reading