CISA Guidance Urges Formal Coordinated Disclosure
🔒 CISA and four international cybersecurity agencies have issued joint guidance urging software vendors and online service providers to establish coordinated vulnerability disclosure (CVD) programs. The guidance outlines how to publish clear disclosure policies, maintain communication with researchers, and handle reports for software, hardware, and network products. It supports CISA’s Secure by Design initiative and emphasizes prioritization, exploitability-based assessment, and validating compensating controls when patches are unavailable.
