Vulnerability disclosure policies eyed for federal contractors in Senate bill

The legislation from Sens. Warner and Lankford would require federal contractors to adhere to NIST’s guidelines on VDPs.

The post Vulnerability disclosure policies eyed for federal contractors in Senate bill appeared first on CyberScoop.


Lawmaker Wants Federal Contractors to Have Vulnerability Disclosure Policies 

Congresswoman Nancy Mace has introduced a bill that would require federal contractors to have a Vulnerability Disclosure Policy (VDP).
The post Lawmaker Wants Federal Contractors to Have Vulnerability Disclosure Policies appeared first on SecurityWeek.

Empowering the next generation of Android Application Security Researchers

Posted by Jon Bottarini, Security Program Manager & Lena Katib, Strategic Partnerships Manager

The external security researcher community plays an integral role in making the Google Play ecosystem safe and secure. Through this partnership with the commu…

How the Pandemic is Reshaping the Bug-Bounty Landscape

Bugcrowd Founder Casey Ellis talks about COVID-19’s impact on bug bounty hunters, bug bounty program adoption and more.

Grindr’s Bug Bounty Pledge Doesn’t Translate to Security

At SAS@Home, Luta Security CEO Katie Moussouris stressed that bug bounty programs aren’t a ‘silver bullet’ for security teams.

It’s No ‘Giggle’: Managing Expectations for Vulnerability Disclosure

Vulnerability-disclosure policies (VDPs), if done right, can help provide clarity and clear guidelines to both bug-hunters and vendors when it comes to going public with security flaws.

Facebook Debuts Third-Party Vulnerability Disclosure Policy

If the social-media behemoth finds a bug in another platform’s code, the project has 90 days to remediate before Facebook goes public.

CISA orders agencies to set up vulnerability disclosure programs

Out of scores of federal civilian agencies, only a handful of them have official programs to work with outside security researchers to find and fix software bugs — a process that is commonplace in the private sector. Now, to put an end to the feet-dragging, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency is giving agencies six months to set up the programs, known as vulnerability disclosure policies (VDPs). CISA on Wednesday issued a directive requiring agencies to establish VDPs that foreswear legal action against researchers who act in good faith, allow participants to submit vulnerability reports anonymously and cover at least one internet-accessible system or service. It’s the latest sign that federal officials are warming to white-hat hackers from various walks of life. “We believe that better security of government computer systems can only be realized when the people are given the opportunity to help,” CISA Assistant Director […]

The post CISA orders agencies to set up vulnerability disclosure programs appeared first on CyberScoop.


Webinar: Hacking the Extraterrestrial Internet – Where Fiction Meets Reality

Register Now to Explore the Tech Behind the Interplanetary Internet!
Normal SciFi glosses over a glaring problem with comms through the vastness of space… The Internet and TCP/IP suffer a massive self-imposed DOS attack with any disruptions for m…