Published on JD Supra on December 3, 2019
On November 27, 2019, the Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security (DHS) released for public comment a draft of Binding Operational Directive 20-01, Develop and Publish a Vulnerability Disclosure Policy (the “Directive”). Pursuant to the Directive, Executive Branch agencies are required to develop and publish a procedure pursuant to which members of the public can report discovered vulnerabilities without fear of prosecution. The Directive is also accompanied by a draft coordinated vulnerability disclosure policy.
3705 Canyon Ridge Ct. NE | Atlanta, Georgia 30319
161 N. Clark Street | Ste. 1700 | Chicago IL 60601