CDT Joins Comments Urging NIST to Incorporate Standards Setting Out Best Practices for Coordinated Vulnerability Disclosure
CDT joined a number of civil society groups and companies in comments to the National Institute of Standards and Technology (NIST) concerning the treatment of coordinated vulnerability disclosure and handling processes in its Cybersecurity Framework.
In particular, as the comments set forth, the Framework rightly recognizes that vulnerability disclosure processes are an important component of a cybersecurity program, but the current Framework fails to reference widely accepted standards setting out best practices for coordinated vulnerability disclosure. The comments urge NIST to rectify this omission to help provide clearer and more consistent guidance.