On Wednesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and four allied cyber authorities published a guide telling software vendors how to build a coordinated vulnerability disclosure (CVD) program. Six days earlier, CISA published a blog post explaining how a security researcher had tried and failed, repeatedly, to report a serious problem to CISA itself. Read side by side, the two documents suggest the timing is deliberate. The guidance Suppliers should design a CVD … More →The post CISA folds its own hard-won lessons into coordinated vulnerability disclosure guidance appeared first on Help Net Security.