THE publication titled "Establishing a Coordinated Vulnerability Disclosure Program to Work With Security Researchers" was developed by CISA and the NSA, along with international partners. It provides best practices for software manufacturers and online service providers to create a coordinated vulnerability disclosure (CVD) program. This includes implementing a clear vulnerability disclosure policy and processes for managing vulnerabilities and assigning CVE identifiers.
The guidance highlights the importance of collaborating with security researchers and utilizing intermediaries like CISA for effective vulnerability management. The goal is to enhance product security, foster relationships, and protect customers.