DC3 Mission

Vulnerability Disclosure Program

The Department of War (DoW) Vulnerability Disclosure Program (VDP) is your central point for reporting security vulnerabilities. We collaborate with private-sector cybersecurity researchers to strengthen our network defenses and ensure mission success.

 


Strategic Focus

  • Custom Solutions: Tailors software and systems for digital forensic examiners and cyber intrusion analysts.

  • Tool Validation: Validates commercial, government, and open-source digital forensic tools for relevance and reproducibility.

  • Technology Leadership: Proactively identifies, researches, and evaluates new technologies, techniques, and tools.

  • Standards Development: Actively participates in creating industry standards like STIX and CASE.

  • Tool Sharing: Shares internally developed tools with federal, state, and local law enforcement.

  • Repository Maintenance: Maintains the Counterintelligence Tool Repository (CITR) for both classified and unclassified tools.


VDP Policy & Reporting

To read the DoW Vulnerability Disclosure Policy and to submit a vulnerability report:

Submit DoD Vulnerability Report

DIB-Vulnerability Disclosure Program

Validation reports for digital forensic tools to ensure relevancy and reproducibility. These reports are UNCLASSIFIED//FOUO and for U.S. DoW, Federal LE/CI official use only.

DIB-VDP Program

VDP Bug Bytes Monthly Data

Capabilities

The DoW Vulnerability Disclosure Program:

  • As a key component of the National Cyber Strategy, Pillar II, promotes full-lifecycle cybersecurity through the use of coordinated vulnerability disclosure, crowdsourced testing, and risk assessments that improve resiliency ahead of exploitation or attack.
  • Enhances the partnership between DoW and the computer security researcher community, building a positive feedback loop to enhance the security of the DoW through the speedy discovery and remediation of vulnerabilities.
  • Reduces the elapsed time from discovery of a vulnerability to notification of the system owner to successful mitigation of the vulnerability.
  • Provides an open channel and legal safe harbor for the discoverer of the vulnerability to report it to DoW.
  • Facilitates the National Defense Strategy LOE "Build a More Lethal Force" by increasing the resilience of DoW cyberspace assets.
  • Aligns with ISO/IEC 29147:2018 and ISO/IEC 30111:2019.



Follow us on @DC3VDP