The Cybersecurity Infrastructure and Security Agency (CISA) has launched a new centrally managed website where security researchers and the public can report vulnerabilities on federal civilian systems.
The Vulnerability Disclosure Program Platform will enable agencies to work with the research community on identifying system weaknesses and improve their cybersecurity posture, Eric Goldstein, CISA's executive assistant director for cybersecurity, said Friday.
The sharing process works by researchers checking the integrity of systems listed by the participating agencies and submitting their findings on the platform. Service providers BugCrowd and EnDynma will then assess the reports initially before passing them to the government organizations.
According to CISA estimates, using the VDP Platform will save the government over $10 million. The departments of Homeland Security, Labor and the Interior already pledged to use the website once it becomes available.