Tech Firms Urge NIST to Include Vulnerability Disclosure Processes in Cybersecurity Framework

A coalition of security companies and advocacy groups has called on the National Institute of Standards and Technology to incorporate best practices on digital vulnerability disclosures into the agency’s updated Cybersecurity Framework, Nextgov reported Tuesday.

Joseph Marks writes that the consortium urged NIST to add a section on procedures to receive, review and respond to vulnerability reports.

NIST sought public feedback on version 1.1 of its Framework for Improving Critical Infrastructure Cybersecurity and the agency plans to release a finalized framework this fall, Marks reported.

Vulnerability disclosure and handling processes would clarify existing elements of the framework and help organizations evaluate their readiness to respond to vulnerability information and communicate with stakeholders, the coalition said in a written comment published Monday.

The group added such processes can also give researchers and vulnerability discoverers “a clear channel to communicate vulnerabilities to technology providers and operators, reducing the risk of conflict or misunderstanding.”

The comment was signed by Cisco Systems, Symantec, Tenable, Bugcrowd, Cybereason, Duo Security, Grimm Security, HackerOne, Luta Security, Rapid7 and WhiteScope.

The coalition also includes Access Now, the Center for Democracy & Technology, the Electronic Frontier Foundation, I Am The Cavalry, New America’s Open Technology Institute, the Niskanen Center, the Online Trust Alliance, Security of Things Forum and TechFreedom.
