CISA debuts vulnerability disclosure platform


Federal civilian agencies can now use a bug reporting system fielded as a shared service by the Cybersecurity and Infrastructure Security Agency to gather information on potential website and software vulnerabilities.

The Department of Homeland Security, CISA's parent agency, signed on as an early adopter of the new vulnerability disclosure platform (VDP). The Departments of the Interior and Labor also intend to use the new system, which invites cybersecurity researchers to submit reports about potential flaws on internet-accessible government systems.

Vendors BugCrowd and EnDyna are providing the platform, and contract employees will take the first look at reports submitted, conducting an initial assessment of the submitted vulnerabilities. According to a news release by CISA, giving the first read of bug reports to contractors will "free up agencies' time and resources and allow agencies to focus on those reports that have real impact."

As the cybersecurity shared services provider to the civilian federal government, CISA has taken the lead in offering agency access to cybersecurity services. Agencies that adopt the VDP will have their own profile in the platform that gives them access to submissions and statistics, according to a CISA fact sheet.

Bug bounties are optional, according to the fact sheet.

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.
