DC3 Mission

Vulnerability Disclosure Program

The Defense Industrial Base Vulnerability Disclosure Program (DIB-VDP) is a voluntary program, established collaboratively by the Department of Defense Cyber Crime Center's (DC3) DoD Defense Industrial Base Collaborative Information Sharing Environment (DCISE), DoW Vulnerability Disclosure Program (DoW VDP), and the Defense Counterintelligence and Security Agency (DCSA). It is designed to assist defense contractors in identifying and mitigating software vulnerabilities within internet-facing systems before our adversaries can exploit them, thereby reducing the DIB and DoW’s attack surface.

 

DIB-Vulnerability Disclosure Program

Strategic Focus

  • Custom Solutions: Tailors software and systems for digital forensic examiners and cyber intrusion analysts.

  • Tool Validation: Validates commercial, government, and open-source digital forensic tools for relevance and reproducibility.

  • Technology Leadership: Proactively identifies, researches, and evaluates new technologies, techniques, and tools.

  • Standards Development: Actively participates in creating industry standards like STIX and CASE.

  • Tool Sharing: Shares internally developed tools with federal, state, and local law enforcement.

  • Repository Maintenance: Maintains the Counterintelligence Tool Repository (CITR) for both classified and unclassified tools.


VDP Policy & Reporting

To read the DoW Vulnerability Disclosure Policy and to submit a vulnerability report:

Submit DoD Vulnerability Report

DIB-Vulnerability Disclosure Program

Validation reports for digital forensic tools to ensure relevancy and reproducibility. These reports are UNCLASSIFIED//FOUO and for U.S. DoW, Federal LE/CI official use only.

DIB-VDP Program

Capabilities

The DoW Vulnerability Disclosure Program:

  • As a key component of the National Cyber Strategy, Pillar II, promotes full-lifecycle cybersecurity through the use of coordinated vulnerability disclosure, crowdsourced testing, and risk assessments that improve resiliency ahead of exploitation or attack.
  • Enhances the partnership between DoW and the computer security researcher community, building a positive feedback loop to enhance the security of the DoW through the speedy discovery and remediation of vulnerabilities.
  • Reduces the elapsed time from discovery of a vulnerability to notification of the system owner to successful mitigation of the vulnerability.
  • Provides an open channel and legal safe harbor for the discoverer of the vulnerability to report it to DoW.
  • Facilitates the National Defense Strategy LOE "Build a More Lethal Force" by increasing the resilience of DoW cyberspace assets.
  • Aligns with ISO/IEC 29147:2018 and ISO/IEC 30111:2019.

Contact Us



Vulnerability Disclosure - Communications