Today, the Cybersecurity and Infrastructure Security Agency (CISA) released its Vulnerability Disclosure Policy (VDP) Platform 2023 Annual Report, highlighting the service’s remarkable success in 2023, its second full year of operation. Throughout 2023, CISA focused on advocating for the increased agency adoption of the VDP Platform, supporting federal civilian executive branch (FCEB) agencies in identifying vulnerabilities in their systems, and engaging the public security researcher community.

Public security researchers play a vital role in securing our federal government’s networks. As part of CISA’s persistent and ongoing collaboration with the public security researcher community, CISA issued Binding Operational Directive (BOD) 20-01 in 2020, which requires every FCEB agency to establish a VDP. These VDPs follow industry and community best practices, including giving authorization to participating public security researchers and committing to not pursue legal action for good-faith research.

CISA’s VDP Platform complements BOD 20-01 by giving FCEB agencies an easy way to establish a VDP and to engage with public security researchers. CISA appreciates the contributions by thousands of public security researchers to date and looks forward to broadening this collaboration in the future.

To learn more about the VDP Platform, please visit the Vulnerability Disclosure Policy (VDP) Platform webpage and view the VDP 101 video on CISA’s YouTube channel.
