GSA Issues Vulnerability Disclosure Rule for Technology Transformation Service-Run Systems

cyberThe General Services Administration’s technology transformation service organization has released a new policy that seeks to help security researchers report cyber vulnerabilities in TTS-run systems.

TTS issued the vulnerability disclosure policy in an effort to assure security researchers that GSA will not initiate legal action under the Computer Fraud and Abuse Act for research efforts that are considered “authorized,” according to a blog post published Nov. 22 on 18F website.

The policy covers five TTS-operated systems that include vote.gov, analytics.usa.gov, calc.gsa.gov, micropurchase.18f.gov and 18f.gsa.gov.

GSA’s TTS wants security researchers to avoid privacy violations and disruption to production systems as well as keep the use of exploits “to the extent necessary to confirm a vulnerability.”

Security researchers should maintain the confidentiality of identified vulnerabilities 90 days after submission of notification reports to TTS, according to the policy.

The Defense Department also introduced a vulnerability disclosure policy that aims to facilitate reporting of cyber vulnerabilities in DoD websites.

You may also be interested in...

Rear Adm. John Lemmon

Navy Engines Project Gains Access to DOD Supercomputers for Simulation Testing; Rear Adm. John Lemmon Quoted

An engines project of the Naval Air Warfare Center aircraft division will gain access to the Department of Defense’s supercomputers, which will aid in conducting simulation tests of naval aviation engines before actual demonstration in a laboratory. As part of the High Performance Computing Modernization Program Frontier Project portfolio, NAWCAD engineers can leverage the computers’ predictive modeling without having to risk actual resources for live demos. 

Leave a Reply

Your email address will not be published. Required fields are marked *