Why CISA Accepting KEV Nominations Is So Important
Briefly

CISA will accept nominations for vulnerabilities to be added to its Known Exploited Vulnerabilities (KEV) catalog. The KEV Nomination Form aligns with the Vulnerability Disclosure Policy Platform and the Coordinated Vulnerability Disclosure Program. The process is intended to encourage good-faith security research and support transparent, coordinated remediation of cyber risks. Public reporting to CISA is described as essential for strengthening the national cybersecurity posture. The change is expected to increase the exploitation intelligence available to CISA by enabling more sources to report exploited vulnerabilities. It is also expected to add structure and visibility by providing a formal, public-facing submission mechanism instead of relying on the unstructured email address referenced in earlier guidance.
"CISA's KEV Nomination Form aligns with our Vulnerability Disclosure Policy (VDP) Platform and Coordinated Vulnerability Disclosure (CVD) Program, which together encourage good faith security research and promote transparent, coordinated remediation of cyber risks. Public reporting to CISA is essential to the nation's cybersecurity posture, helping ensure that exploited vulnerabilities are discovered early, communicated responsibly, and mitigated quickly across federal, private, and critical infrastructure networks."
"This is a strong example of CISA operationalizing its partnership with the cybersecurity research community in a very practical way. Crowdsourcing exploitation intelligence through a standardized nomination process means faster KEV additions and, ultimately, faster defensive action across the whole ecosystem. It's the right move at the right time, as AI is accelerating both the discovery and exploitation of vulnerabilities at a pace that makes early, coordinated disclosure more critical than ever."
"This is a new formal, structured, public-facing submission mechanism. Earlier, it lived as a plain, unstructured email address mentioned in BOD 22-01 guidelines. Organizations or individuals with information about an exploited vulnerability that is not currently listed on th"
Read at Securitymagazine