The U.S. Cybersecurity and Infrastructure Security Agency is ordering most executive branch agencies and departments to create vulnerability disclosure programs by March 2021. The order is part of CISA’s renewed commitment to making vulnerability disclosure to the civilian executive branch as easy conceptually as dialing 911. While some of the larger government agencies, such as the Defense Department, already have disclosure programs and work with outside bug hunters to find vulnerabilities, many other federal agencies lack these policies, according to CISA. CISA notes that the vulnerability disclosure policies are not the same as financial incentives to disclose bugs.”]
Source: https://www.cuinfosecurity.com/us-agencies-must-create-vulnerability-disclosure-policies-a-14949