U.S. agencies must implement vulnerability-disclosure policies by March 2021, according to a new CISA mandate. Policy would give ethical hackers clear guidelines for submitting bugs found in government systems. CISA will offer a vulnerability-bounty program service next spring. The policies would cover all internet-accessible systems or services in government agencies including systems that were not intentionally made online-accessible, CISA says. The directive first debuted in December 2019 as a draft open to public comment.
Source: https://threatpost.com/u-s-agencies-vulnerability-disclosure-policies-march-2021/158913/