The General Services Administration and the Department of Homeland Security issued in December a request for information on potential vendors that could provide the federal government with a centralized, cloud-based vulnerability disclosure platform, FCW reported Thursday.
The Cybersecurity and Infrastructure Security Agency at DHS will manage the platform, which will help facilitate the tracking and submission of vulnerabilities in internet-based data systems of federal civilian executive branch agencies, according to the RFI.
The government wants the platform to be a software-as-a-service web application and serve as a primary entry point for reporters of vulnerabilities and as a web-based communication tool for agencies and vulnerability reporters.
The platform will provide an application programming interface to take actions on vulnerability reports and offer metrics around such reports, including the number of submitted reports and median time to validate, respond and mitigate cyber issues.
Interested stakeholders have until Jan. 15 to respond to the RFI.