With 11 new agency programs onboarding in 2023, the VDP Platform drew heightened researcher attention and engagement, which facilitated a marked increase in the volume of vulnerability submissions received, valid vulnerabilities identified and vulnerabilities remediated, CISA explained. The Cybersecurity and Infrastructure Security Agency (CISA) published its second report on the Vulnerability Disclosure Policy (VDP) Platform, which launched in 2021 as an organized way for federal civilian agencies to take in bug discoveries from researchers and resolve them. “While VDPs are a critical component of an agency’s vulnerability management process, implementation and management come with associated costs for agencies,” CISA said. CISA said agencies that participate in VDP are able to save an average of about $4.45 million in potential remediation costs and are able to validate submissions two days faster than agencies that do not participate. CISA is also using VDP to gain better insight into vulnerability disclosures and threat trends across federal agencies. CISA said through VDP, it triaged more than 7,000 submissions in 2023 on behalf of 51 federal agencies. Thousands of vulnerabilities were identified and remediated through a government clearinghouse in 2023, according to a new report from the nation’s top cybersecurity agency. VDP allows CISA to mitigate some of this risk, providing an extra layer of protection for agencies delivering public services.
This Cyber News was published on therecord.media. Publication date: Wed, 02 Oct 2024 00:20:05 +0000