Vulnerability Management

Government agency initiates vulnerability disclosure discussions

The National Telecommunications and Information Administration (NTIA) announced on Thursday plans to launch its first cybersecurity "multistakeholder process" with a focus on vulnerability disclosure.

“The goal of this process will be to bring together security researchers, software vendors, and those interested in a more secure digital ecosystem to create common principles and best practices around the disclosure of and response to new security vulnerability information,” Angela Simpson, deputy assistant secretary for communications and information, wrote in an agency blog post.

The agency will hold a kickoff meeting in September, likely in San Francisco, and all meetings will also be broadcast virtually.

In March, NTIA requested comments on what the focus of its cybersecurity process should be. Companies, including Rapid7 and Cloudflare, as well as independent organizations, including the American Civil Liberties Union and the Center for Internet Security, submitted thoughts.

Many respondents mentioned vulnerability disclosure in their comments. Rapid7, for instance, wrote: “Identifying, investigating, and disclosing vulnerabilities in technical systems is a key step towards reducing these [threats] and mitigating attacks.”

Along with the announcement of NTIA's program came an updated fact sheet from the White House on President Obama's cybersecurity initiative.

The fact sheet details work with other countries, such as Japan, to coordinate on cyber issues, and also mentions how the government has stepped up its cybercrime enforcement since the beginning of this year.
