CISA and Bugcrowd to Launch Federal Crowdsourced VDP Platform

The Cybersecurity and Infrastructure Security Agency (CISA) has partnered with Bugcrowd to launch the first-ever federal civilian enterprise-wide crowdsourced vulnerability disclosure policy (VDP) platform.

The move will allow Federal Civilian Executive Branch (FCEB) agencies to coordinate with the civilian hacker community about vulnerabilities in their critical systems. FCEB agencies will now be able to receive security feedback from Bugcrowd’s community of ethical hackers around the world, helping them quickly identify and monitor vulnerabilities in their critical systems.

The collaboration follows the publication of Binding Operational Directive (BOD) 20-01 in September last year. This directive requires all FCEB agencies to develop and publish a VDP “for purposes of safeguarding federal information and information systems.”

Bugcrowd and CISA will work with Endyna, a government contractor that provides technology-based solutions, to deliver the VDP platform. Endyna will provide a software-as-a-service (SaaS) component to CISA’s VDP platform and has been awarded a one-year contract with four option years.

In addition to the CISA-funded VDP platform, the initiative will allow FCEB agencies to create their own bug bounty programs from Bugcrowd and Endyna as part of any new digital transformation strategies they undertake.

Ashish Gupta, CEO and president of Bugcrowd, commented: “As seen in the commercial and defense sectors, crowdsourced cybersecurity and vulnerability disclosure programs are a critical safeguard in helping reduce the risk of breach.

“The need for cyber resilience and risk management is unprecedented in today’s digitally connected world and the partnership between CISA and Bugcrowd provides the most powerful crowdsourced cybersecurity platform solution to address the government’s growing need for contextually intelligent security assessments to protect its vast attack surface. We are honored to be the first crowdsourced cybersecurity vendor to work with CISA on an FCEB-wide proactive defense strategy through our VDP solution.”

Ashok Siddhanti, CEO of Endyna, stated: “We are firmly committed to enhancing government defenses and improving security operations across network infrastructures.

“Our fundamental goal is to radically improve the FCEB’s ability to detect and remediate security gaps within these respective agencies’ digital infrastructures, and we look forward to working with Bugcrowd to advance government security.”
