DC3, DCSA Partner to Launch Vulnerability Disclosure Program for Defense Industrial Base

The Department of Defense Cyber Crime Center and the Defense Counterintelligence and Security Agency are teaming up to develop the Vulnerability Disclosure Program for the Defense Industrial Base.

Also known as DIB-VDP, the voluntary and free program aims to enhance the cybersecurity posture of companies supporting the DIB, as defined by 32 Code of Federal Regulations part 236, the DC3 said.

Under the program, ethical researchers will be authorized to analyze and report vulnerabilities in the participants’ voluntarily identified DIB systems and platforms, enabling companies to promptly address cyber risks and enhancing the security of the defense ecosystem.

The DIB-VDP builds upon the results of a 12-month pilot program conducted by DC3 and DCSA in 2022, which demonstrated the effectiveness of coordinated vulnerability disclosure in improving DIB cybersecurity.

DCSA contributes to the DIB-VDP by using its existing connections with DIB enterprises and oversight of around 12,500 approved businesses under the National Industrial Security Program.

The effort also aligns with national-level cybersecurity strategies, including the 2022 National Defense Strategy, the 2023 National Cybersecurity Strategy and the 2024 Defense Industrial Base Cybersecurity Strategy.

Sign Up Now! Potomac Officers Club provides you with Daily Updates and News Briefings about Cybersecurity

Join Us Now