Thanks to a great friend and graphic designer, @NguyetV, we have an infographic of the US Federal Government’s work around coordinated disclosure over the last two years.

UPDATE: Since publication, the FDA released their final postmarket guidance on December 28.

UPDATE 2017.06.07: In May, a Senate bill was introduced for a government-wide bug bounty, and in June the House bug bounty equivalent was also introduced. Mårten Mickos of HackerOne also pointed out that the General Services Administration’s (GSA) 18F has a disclosure policy, and that Hack The Air Force is currently running.

UPDATE 2017.11.06: A couple of new examples appear in the Internet of Things (IoT) Cybersecurity Improvement Act of 2017, introduced by Senators Mark Warner and Cory Gardner, which calls for companies to have a coordinated disclosure policy and would provide safe harbor for researchers reporting in good faith.

Also, thanks to Harley Geiger who identified four new updates.