US government agencies currently have many systems in operation with known vulnerabilities and weaknesses and limited funds or resources to mitigate the issues. The agencies continue to operate the systems because they accept the security risk in order to not impede the agency mission. If the systems become non-operational during an attack, then the assumption is that appropriations will then be provided to mitigate the issue. These legacy and underfunded systems should never be a part of any vulnerability disclosure program because the discovery of more vulnerabilities without the ability for remediation will only further weaken the country’s IT systems.
The vulnerabilities are already there, and attackers can find them and won't tell you about them. Bringing attention to the underfunding seems like it would be a good thing, no?
Acknowledging that the vulnerabilities are there, and the underlying problem that many Federal programs are underresourced to address cybersecurity program requirements and vulnerability mitigation, is a VDP the solution to what is essentially a resource availability, allocation and/or prioritization problem?