Original release date: December 2, 2019
The Cybersecurity and Infrastructure Security Agency (CISA) has released a draft of Binding Operational Directive (BOD) 20-01, Develop and Publish a Vulnerability Disclosure Policy. BOD 20-01 will require each federal agency to publish a vulnerability disclosure policy (VDP). CISA has posted the draft directive for public feedback. The deadline for submitting comments is 11:59 PM EST on December 27, 2019.
CISA encourages users and administrators to review the CISA blog post, Improving Vulnerability Disclosure Together, and draft BOD 20-01 for more information. CISA encourages feedback on draft BOD 20-01 from individuals with personal or institutional expertise in vulnerability disclosure and from organizations that have a VDP and manage coordinated vulnerability disclosures.
This product is provided subject to this Notification and this Privacy & Use policy.
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA, in collaboration with NSA and 19 international partners, released joint guidance outlining A Shared…
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA released five Industrial Control Systems (ICS) advisories on September 4, 2025. These advisories provide…
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA released four Industrial Control Systems (ICS) advisories on September 2, 2025. These advisories provide…
This website uses cookies.