Only a handful of federal government departments and agencies with responsibilities for front-facing digital services have opened the door to security researchers to report bugs they discover in the nine months since vulnerability disclosure programs were mandated.
An investigation by InnovationAus.com reveals that of the 15 departments without such a program when the mandate was introduced, only one has implemented public reporting processes for vulnerabilities.
A further seven agencies that were assessed, including those responsible for the majority of the government’s interactions with citizens, have implemented or partially implemented vulnerability disclosure programs (VDPs).
Do you know more? Contact James Riley via Email.