in ,

Tech Firms Urge NIST to Include Vulnerability Disclosure Processes in Cybersecurity Framework

Tech Firms Urge NIST to Include Vulnerability Disclosure Processes in Cybersecurity Framework - top government contractors - best government contracting event

Tech Firms Urge NIST to Include Vulnerability Disclosure Processes in Cybersecurity Framework - top government contractors - best government contracting eventA coalition of security companies and advocacy groups has called on the National Institute of Standards and Technology to incorporate best practices on digital vulnerability disclosures into the agency’s updated Cybersecurity Framework, Nextgov reported Tuesday.

Joseph Marks writes the consortium urged NIST to add a section on procedures to receive, review and respond to vulnerability reports.

NIST sought public feedback on version 1.1 of its Framework for Improving Critical Infrastructure Cybersecurity and the agency plans to release a finalized framework this fall, Marks reported.

Vulnerability disclosure and handling processes would clarify existing elements of the framework and help organizations evaluate their readiness to respond to vulnerability information and communicate with stakeholders, the coalition said in a written comment published Monday.

The group added such processes can also give researchers and vulnerability discoverers “a clear channel to communicate vulnerabilities to technology providers and operators, reducing the risk of conflict or misunderstanding.”

The comment was signed by Cisco Systems, Symantec, Tenable, Bugcrowd, Cybereason, Duo Security, Grimm SecurityHackerOneLuta SecurityRapid7 and WhiteScope.

The coalition also includes Access Now, the Center for Democracy & Technology, the Electronic Frontier Foundation, I Am The Cavalry, the New America’s Open Technology Institute, the Niskanen Center, the Online Trust Alliance, Security of Things Forum and TechFreedom.

ExecutiveBiz Logo

Sign Up Now! ExecutiveBiz provides you with Daily Updates and News Briefings about Cybersecurity News

Motorola Solutions to Debut Public Safety Mobile Apps Suite - top government contractors - best government contracting event

Motorola Solutions to Debut Public Safety Mobile Apps Suite

Druva Cloud Data Protection Tech Gets FedRAMP 'In Process' Designation - top government contractors - best government contracting event

Druva Cloud Data Protection Tech Gets FedRAMP ‘In Process’ Designation