A coalition of multinational technology firms has volunteered to make public their company policies governing the disclosure and sharing of known software vulnerabilities.
Signatories to the Cybersecurity Tech Accord (CTA) announced Monday they were publishing their Coordinated Vulnerability Disclosure (CVD) policies, a concept endorsed by the Global Forum on Cyber Expertise, an international platform for governments, companies and other organizations seeking “to strengthen cyber capacity and expertise globally.”
Companies that signed the pact include CA Technologies, Cisco, Dell, FireEye, Hewlett Packard Enterprise, Microsoft, Oracle, SAP, Salesforce and VMware.
By publishing their CVDs, the Accord signatories said they sought to promote transparency and cooperation within the tech industry when it comes to handling and resolving vulnerabilities found in software products and services.
CTA members recognized the risks posed by software vulnerabilities due to the ubiquity of software use and emphasized the need for vendors to be promptly informed of such problems so that corrective measures could be taken.
Participants went on to express their conviction in the value of having CVDs and encouraged other technology companies to adopt identical disclosure protocols.