September 3, 2020

OMB Memo on Improving Vulnerability Identification, Management, and Remediation and the DHS Binding Operational Directive on Vulnerability Disclosure Policy

The Coalition will continue to work with OMB and agencies on implementation of the policy.

Media Advisory

CONTACT:

Joshua Lamel

(202) 246-1400

jlamel@insight-dc.com

The following statement can be attributed to Ari Schwartz, Coordinator for the Cybersecurity Coalition regarding the OMB Memo on Improving Vulnerability Identification, Management, and Remediation and the DHS Binding Operational Directive on Vulnerability Disclosure Policy

“The Cybersecurity Coalition welcomes the government recommendations to improve vulnerability identification, management and remediation. The Office of Management and Budget memo addresses the need to clarify the government’s position on vulnerability disclosure policies and bug bounty programs. It gives agencies time to scale their vulnerability disclosure policies and ensures good-faith security research efforts are not considered an incident or breach. The Department of Homeland Security Binding Operational Directive is a further step forward to protect federal government agencies, companies and internet users. It enhances the cybersecurity ecosystem by directing cross-government vulnerability formulation and disclosure programs. The Coalition will continue to work with OMB and agencies on implementation of the policy.”