Publication of VDP Authorizing Public Product Testing, v1.0

Specifies requirements in accordance with the DHS CISA Secure-by-Design Pledge, published by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Requires an organization to publish a vulnerability disclosure policy (VDP) that authorizes public testing of its products and services, and prohibits legal action against good-faith researchers who engage in such testing.

Assessment Step

1
Publication of VDP Authorizing Public Product Testing (PublicationofVDPAuthorizingPublicProductTesting)
Does the organization publish a vulnerability disclosure policy (VDP) that authorizes public testing of its products and services, and prohibits legal action against good-faith researchers who engage in such testing?
Artifact
A1
Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) and supporting notes as appropriate to support the assessor's response to this assessment step.

Conformance Criteria (1)

Publication of VDP Authorizing Public Product Testing
The organization must publish a vulnerability disclosure policy (VDP) that authorizes public testing of its products and services, and prohibits legal action against good-faith researchers who engage in such testing.
Citation
SBDP