Government agency initiates vulnerability disclosure discussions
NTIA announced plans to launch its first cybersecurity "multistakeholder process" with a focus on vulnerability disclosure.
The National Telecommunications and Information Administration (NTIA) announced on Thursday plans to launch its first cybersecurity "multistakeholder process" with a focus on vulnerability disclosure.
“The goal of this process will be to bring together security researchers, software vendors, and those interested in a more secure digital ecosystem to create common principles and best practices around the disclosure of and response to new security vulnerability information,” Angela Simpson, deputy assistant secretary for communications and information, wrote in an agency blog post.
The agency will host a kickoff meeting in September, which it will likely host in San Francisco, and all meetings will be virtually broadcasted, as well.
NTIA requested comments in March for input on what the focus of its cybersecurity process should be. Companies, including Rapid7 and Cloudflare, as well as independent organizations, including the American Civil Liberties Union and the Center for Internet Security, submitted thoughts.
Many respondents mentioned vulnerability disclosure in their comments. Rapid7, for instance, wrote: “Identifying, investigating, and disclosing vulnerabilities in technical systems is a key step towards reducing these [threats] and mitigating attacks.”
The sheet details work with other countries, such as with Japan, to coordinate on cyber issues, and also mentions how the government upped its cybercrime enforcement since the beginning of this year.