
The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) last week introduced a new platform that allows federal civilian agencies to enable security researchers to legally probe select information systems and websites and report on vulnerabilities they discover. The platform follows the release in September 2020 by CISA of a Binding Operational Directive to the federal civilian executive branch requiring most agencies to create a vulnerability disclosure policy (VDP), which establishes mechanisms and methods for people that “find…