The Cybersecurity and Infrastructure Security Agency (CISA) publishes a draft document mandating a vulnerability disclosure policy and a strategy for handling reports of security weaknesses. The US government will require each civilian agency to create a public policy for software-vulnerability disclosure, as well as a strategy for handling any potential security weaknesses reported by researchers.
Read full article on Dark Reading