More than 7,000 security flaws were submitted to the Cybersecurity and Infrastructure Security Agency's Vulnerability Disclosure Policy (VDP) program in 2023, 132% more than in 2022, when the program began, according to The Record, a news site by cybersecurity firm Recorded Future. Valid disclosures and remediated flaws increased by 82% and 78% last year, respectively.
Aside from yielding nearly $4.45 million in average remediation expense savings, government agency participation in the VDP program was also linked to faster validation of vulnerability submissions, a report from CISA revealed. "The VDP Platform offers agencies significant cost and time savings. While VDPs are a critical component of an agency’s vulnerability management process, implementation and management come with associated costs for agencies. Handling disclosed vulnerabilities, triaging reports, corresponding with security researchers, and collecting and reporting required metrics are all labor-intensive steps that draw agency resources away from prioritizing valid vulnerability submissions and coordinating remediation activities," said CISA.