Thanks to a great friend and graphic designer, @NguyetV, we have an infographic of the US Federal Government’s work around coordinated disclosure over the last two years.
UPDATE: Since publication, the FDA released their final postmarket guidance on December 28.
UPDATE 2017.06.07: In May, a Senate bill was introduced for a government-wide bug bounty, and in June the House bug bounty equivalent was also introduced. Mårten Mickos of HackerOne also pointed out that the General Services Administration’s (GSA) 18F has a disclosure policy, and that Hack The Air Force is currently running.
UPDATE 2017.11.06: A couple of new examples: the Internet of Things (IoT) Cybersecurity Improvement Act of 2017, introduced by Senators Mark Warner and Cory Gardner, calls for companies to have a coordinated disclosure policy and would provide safe harbor for researchers reporting in good faith.
Also, thanks to Harley Geiger who identified four new updates.
- The Department of Justice, “Framework for a Vulnerability Disclosure Program for Online Systems,” published in July 2017.
- The Copyright Office, “Section 1201 of Title 17,” published in June 2017.
- The Senate Bill, “American Vision for Safer Transportation through Advancement of Revolutionary Technologies Act” or the “AV START Act,” introduced in September 2017.
- The Senate Bill, “Hack the Department of Homeland Security Act of 2017” or the “Hack DHS Act,” introduced in May 2017.