Original release date: September 3, 2020
The Cybersecurity and Infrastructure Security Agency (CISA) has released Binding Operational Directive (BOD) 20-01, Develop and Publish a Vulnerability Disclosure Policy (VDP). BOD 20-01 requires each federal agency to publish a VDP. Publication of agency VDPs will make it easier for users to report vulnerabilities they find in the Federal Government’s internet-accessible systems. CISA released a draft version of BOD 20-01 for public comment in December 2019 and incorporated many of the received suggestions in the final version.
CISA encourages users to review BOD 20-01 and the CISA blog post, Improving Vulnerability Disclosure Together (Officially) for more information.
This product is provided subject to this Notification and this Privacy & Use policy.
CISA released six Industrial Control Systems (ICS) advisories on July 24, 2025. These advisories provide…
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA, in partnership with the Federal Bureau of Investigation (FBI), the Department of Health and…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of…
CISA is aware of active exploitation of a new remote code execution (RCE) vulnerability enabling unauthorized…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
This website uses cookies.