Tech Firms Endorse Software Vulnerability Info Sharing, Disclosure Effort

A coalition of multinational technology firms has volunteered to make public their company policies governing the disclosure and sharing of known software vulnerabilities.

Signatories to the Cybersecurity Tech Accord announced Monday they were publishing their Coordinated Vulnerability Disclosure policies, a concept endorsed by the Global Forum on Cyber Expertise, an international platform for governments, companies and other organizations seeking “to strengthen cyber capacity and expertise globally.”

Companies that signed the pact include CA Technologies, Cisco, Dell, FireEye, Hewlett Packard Enterprise, Microsoft, Oracle, SAP, Salesforce and VMware.

By publishing their CVDs, the Accord signatories said they sought to promote transparency and cooperation within the tech industry when it comes to handling and resolving vulnerabilities found in software products and services.

CTA members recognized the risks posed by software vulnerabilities due to the ubiquity of software use and emphasized the need for vendors to be promptly informed of such problems so that corrective measures could be taken.

Participants went on to express their conviction in the value of having CVDs and encouraged other technology companies to adopt identical disclosure protocols.
