fecgov / openFEC

The first RESTful API for the Federal Election Commission. We're aiming to make campaign finance more accessible for journalists, academics, developers, and other transparency seekers.
https://api.open.fec.gov/developers

Create vulnerability disclosure policy #4108

Open lbeaufort opened 4 years ago

lbeaufort commented 4 years ago

Last week, DHS Cybersecurity & Infrastructure Security Agency (CISA) released a draft directive, BOD 20-01, which will require executive branch agencies to publish and maintain a vulnerability disclosure policy. A VDP makes it easier for people who have "seen something" amiss on the government's online services to "say something" to those who can fix it, and authorizes security research for those who comply with the policy. The CISA assistant director shared a summary of the effort in a blog post: https://www.cisa.gov/blog/2019/11/27/improving-vulnerability-disclosure-together

Once the rule is finalized, FEC should research creating a vulnerability disclosure policy and adding it to our public repos. We will need to reach out to the Admin Law team.

Here's the draft checklist: https://cyber.dhs.gov/bod/20-01/#checklist

lbeaufort commented 4 years ago

This went live today. https://cyber.dhs.gov/bod/20-01/. This includes a checklist: https://cyber.dhs.gov/bod/20-01/#checklist. I reached out to PMs and the CISO about next steps.