DHS Comment Deadline: Develop and Publish a Vulnerability Disclosure Policy

Friday, January 10, 2020 - 11:45pm

The Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA), is seeking comment on the draft Binding Operational Directive 20-01 titled "Develop and Publish a Vulnerability Disclosure Policy." The draft binding operational directive proposes requiring all federal agencies to develop and publish a vulnerability disclosure policy, enable receipt of unsolicited vulnerability reports, maintain supporting handling procedures for any vulnerability reports received, and report certain metrics to CISA. 

On December 23, 2019, CISA extended the comment deadline from December 27, 2019, to January 10, 2020.

Members of the public may submit comments on GitHub or via email. More information is available at this Federal Register notice.