Skip to Content

Cybersecurity & Standards

CDT Joins Comments Urging NIST to Incorporate Standards Setting Out Best Practices for Coordinated Vulnerability Disclosure

/ Samir Jain

CDT joined a number of civil society groups and companies in comments to the National Institute of Standards and Technology (NIST) concerning the treatment of coordinated vulnerability disclosure and handling processes in its Cybersecurity Framework.

In particular, as the comments set forth, while the Framework rightly recognizes that vulnerability disclosure processes are an important component of a cybersecurity program, the current framework fails to reference widely accepted standards for best practices for coordinated vulnerability disclosure. The comments urge NIST to rectify this omission to help provide clearer and more consistent guidance.

Read the full comments here.

Related Reading

The CDT logo. A light and dark grey "cdt" alongside "Center for Democracy & Technology" on a white background.

Deprecating third-party cookies: a small step towards a more private web
The CDT logo. A white "cdt" alongside "Center for Democracy & Technology" on a light blue background.

More Encryption is the Goal: The Internet Architecture Board Holds a Workshop on Managing Encrypted Networks
The CDT logo. A white "cdt" alongside "Center for Democracy & Technology" on a light blue background.

Comments to the United Nations on the Global Digital Compact