The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday ordered US federal agencies outside the defense and intelligence communities to develop a working vulnerability disclosure policy.
In an online memo, Bryan Ware, Assistant Director for Cybersecurity at CISA, described a scenario of walking in one's neighborhood and calling emergency services upon seeing a house engulfed in flames.
The government, he suggested, would benefit if people could take similar action upon finding a security flaw in a federal website. But many government websites don't advertise how to raise the alarm or offer any assurance that vulnerability reports are welcome.
"An open redirect – which can be used to give off-site malicious content the appearance of legitimacy – may not be on par with a fire, yet serious vulner ..