The DoD's Vulnerability Disclosure Program (VDP) is the oldest and largest such program in the world. Born as a permanent sustainment of the 2016 Hack the Pentagon Bug Bounty Program, the DoD VDP is the central point for crowdsourced vulnerability discovery and also tracks vulnerabilities from initial report to completed mitigation.
This presentation will:
Enrich: Provide historical background and the need for building VDP programs, as well as a new methodological construct of the vulnerability lifecycle to better understand vulnerability data.
Enable: Outline the functions and stakeholder roles in building a VDP. Through a case study of the buildout of a Defense Industrial Base VDP program, we'll show how VDPs can help inoculate organizations through vulnerability information sharing.
Excel: Reduce an attack surface through an additional outer layer of defense.