In update news, The Vulnerability Disclosure Policy (VDP) Platform, an internal clearinghouse for cybersecurity vulnerabilities in the US federal government, has received over 1,300 valid reports in its first 18 months, with a rate of about 85% remediation. The program has saved as much as $4.35 million in estimated response and recovery efforts and has seen “tremendous growth” in onboarding 40 agency programs since its launch in July 2021. The VDP Platform enables agencies to identify and address security vulnerabilities in their software or systems before threat actors can exploit them and encourages researchers to report vulnerabilities.
Why do we care?
A disciplined approach to handling vulnerabilities exhibits results! Shocking, I know. I’ve discussed disclosures as a methodology before, and here’s more data about it. Your takeaway – push your vendors to engage in this practice. Look for their programs, and choose who you do business with where this is a criteria.

