dc3 Mission

Vulnerability Disclosure Program

The Department of War Vulnerability Disclosure Program is the central point for reporting security vulnerabilities and working with private-sector cybersecurity researchers to strengthen network defenses and support mission assurance.

 
mission overview

Vulnerability Disclosure Program

The Vulnerability Disclosure Program serves as the central point for receiving vulnerability reports and partnering with cybersecurity researchers to strengthen the security and resilience of the Department of War Information Network (DoDIN).

VDP improves network defenses and enhances mission assurance by engaging private-sector white hat researchers who help identify vulnerabilities before they can be exploited.

In January 2021, the VDP scope expanded from public-facing websites to all publicly accessible information systems throughout the Department of War, broadening protection for the Department of War attack surface and offering safe harbor for researchers.

VDP at a glance

Central ReportingSingle focal point for receiving and coordinating vulnerability reports.
Researcher PartnershipEngages cybersecurity researchers through coordinated vulnerability disclosure.
Safe HarborProvides an open channel for researchers to report vulnerabilities responsibly.
Mission AssuranceSupports cyber hygiene across publicly accessible systems and services.

Vulnerability Disclosure Program Capabilities

VDP strengthens cybersecurity by supporting coordinated vulnerability disclosure, crowdsourced testing, vulnerability reporting, and timely remediation across the Department of War cyber ecosystem.

Coordinated Vulnerability Disclosure

Promotes full-lifecycle cybersecurity through coordinated vulnerability disclosure, crowdsourced testing, and risk assessment.

Researcher Community Partnership

Enhances the partnership between the Department of War and the computer security researcher community through a positive feedback loop.

Faster Notification

Reduces the elapsed time from discovery of a vulnerability to system owner notification and successful mitigation.

Open Reporting Channel

Provides an open channel and legal safe harbor for vulnerability discoverers to report vulnerabilities responsibly.

Resilient Cyberspace Assets

Supports mission resilience by increasing the security and reliability of Department of War cyberspace assets.

Standards Alignment

Aligns with ISO/IEC 29147:2018 and ISO/IEC 30111:2019 for coordinated disclosure and vulnerability handling.

Publications

Monthly Bug Bytes

Bug Bytes is the DC3 Vulnerability Disclosure Program's monthly publication, providing a summary of vulnerability trends, researcher activity, and cybersecurity insights identified through the Department of War Vulnerability Disclosure Program.

Monthly Bug Bytes Publication

Stay informed with the latest vulnerability trends, cybersecurity research, and technical guidance published by the DC3 Vulnerability Disclosure Program.

Each monthly edition highlights vulnerability trends, Common Weakness Enumeration (CWE) analysis, researcher contributions, defensive guidance, and practical recommendations to help strengthen cybersecurity across the Department of War.

What users will find

Vulnerability TrendsMonthly reporting themes, weakness patterns, and remediation awareness.
Researcher InsightsHighlights from ethical hackers and security researchers supporting the mission.
Threat AwarenessContext on emerging vulnerability activity and defensive considerations.
Defensive GuidancePractical recommendations and resources for improving cyber resilience.

Looking for previous reports?

Use the VDP Products page to access current and archived Bug Bytes reports and related VDP publications.

View Bug Bytes Archive

DIB-VDP Program

Learn more about the DIB Vulnerability Disclosure Program and how it supports Defense Industrial Base cybersecurity.

View DIB-VDP Program

Contact VDP

For general Vulnerability Disclosure Program questions, contact the VDP team. This email is not to be used to report vulnerabilities on Department of War networks and systems.

Email: dc3.vdpquestions@us.af.mil
Follow us on X: @DC3VDP