Only a handful of federal government departments and agencies with responsibilities for front-facing digital services have opened the door to security researchers to report bugs they discover in the nine months since vulnerability disclosure programs were mandated.
An investigation by InnovationAus.com reveals that of the 15 departments without such a program when the mandate was introduced, only one has implemented public reporting processes for vulnerabilities.
A further seven agencies that were assessed, including those responsible for the majority of the government’s interactions with citizens, have implemented or partially implemented vulnerability disclosure programs (VDPs).
Want to know how this story ends?
Become a subscriber for complete access to all stories on InnovationAus.com and our daily newsletter.
Do you know more? Contact James Riley via Email.