The DoD's Vulnerability Disclosure Program (VDP) is the oldest and largest such program in the world. Born as a permanent sustainment of the 2016 Hack the Pentagon Bug Bounty Program, the DoD VDP is the central point for crowdsourced vulnerability discovery and also tracks vulnerabilities from initial report to completed mitigation.
This presentation will:
Enrich: Provide historical background and the need for building VDP programs as well as a new methodological construct of the vulnerability lifecycle to better understand vulnerability data.
Enable: Outline the functions and stakeholder roles in building a VDP. Through a case study of a buildout of a Defense Industrial Base VDP program, we'll show how VDPs can help inoculate organizations through vulnerability information sharing.
Excel: Reduce an attack surface through an additional outer layer of defense.
Learning objectives:
1. Describe what a vulnerability disclosure program (VDP) is and why it is an important component of an organization's security platform.
2. Define how a VDP differs from traditional vulnerability management programs.
3. Describe ways that a vulnerability can be shared between organizations in order to better protect security partners.