DHS Planning Vulnerability Disclosure Program


The Department of Homeland Security (DHS) is creating a standing form to allow industry, academia, and other private sector entities to report vulnerabilities on its networks, an upcoming Federal Register post says.

The post, released for public inspection on August 27 and scheduled to be posted on the Federal Register on August 28, notes that DHS will maintain an online form for people to report any vulnerabilities they find. The move also allows DHS to implement a key provision of the SECURE Technology Act, signed into law in December 2018.

“The form will benefit researchers as it will provide a safe and lawful way for them to practice and discover new skills while discovering the vulnerabilities. Meanwhile, it will provide the same benefit to the DHS, in addition to enhanced information system security following the vulnerability mitigation,” DHS notes.

The post notes that those submitting vulnerabilities would need to identify the vulnerable host, the information needed to reproduce the vulnerability, remediation suggestions, and the potential impact if not remediated. DHS estimates the form would take security researchers three hours to fill out, and anticipates 3,000 respondents for the program.

In its request for public feedback, DHS and the Office of Management and Budget asked for comment on whether the form would collect necessary information, the accuracy of DHS estimates on time and number of respondents, and what DHS could do to enhance the quality of information collected.

Responses to the post will be due within 60 days of being finalized on the Federal Register.
