The Cybersecurity and Infrastructure Security Agency (CISA) released a draft version of Binding Operational Directive (BOD) 20-01, which would require Federal agencies to establish a vulnerability disclosure policy for internet-connected systems. […]