NCSC releases Vulnerability Disclosure Toolkit

15/09/20

Mark Say Managing Editor

The National Cyber Security Centre (NCSC) has brought out a Vulnerability Disclosure Toolkit (DST) for organisations to improve their understanding of the process.

It is aimed at helping them to set up a clearly signposted reporting process for any security vulnerabilities detected by third parties, which in turn enables them to deal with threats and reduce any risks.

The toolkit consists of three core components on communication, policy and security.

NCSC’s vulnerability disclosure lead, named as Ollie N, said the release has come after a two-year vulnerability co-ordination and the organisation’s experience of running its Vulnerability Reporting Service.

He emphasised that good communication can build trust, that a clear policy explains to finders how the process works and what they can expect to happen, and that the process should be easy to set up and use if it is to have much value.

The toolkit also points to the proposed standard security.txt from the Internet Engineering Task Force as a way for an individual to easily find all of the information required.

“An established internal process helps ensure that vulnerability information gets to the right person (or team),” Ollie N said.

“However, this first edition of the toolkit is designed just to cover the essential steps. Over time we’ll develop the toolkit to include how to build an internal process that can triage and fully manage a vulnerability disclosure.”

Image from iStock, Henrik Johnsson
