Established in 2016 by the Secretary of Defense, the Vulnerability Disclosure Program (VDP) operates to strengthen the security of the DoD Information Network (DoDIN) by providing an additional layer to the defense-in-depth cybersecurity strategy.
The DOD VDP mission is to function as the single focal point for receiving vulnerability reports and interacting with crowd-sourced cybersecurity researchers supporting the DoDIN 1. This improves network defenses and enhances mission assurance, by embracing a previously overlooked yet indispensable resource; private-sector white hat researchers. In January 2021, the DoD VDP scope was officially expanded from public facing websites to all public facing information systems throughout the DoD. This broadens the protection for the DOD attack surface and safe harbor for researchers, while providing more asset and technology security. The success of the program relies solely on expertise and support from the security researcher community which contributes to the overall security of the DoD.
DoDIN information technologies, services, and systems provide critical capabilities to all military service members, their families, veterans, DoD civilians and contractors. Ultimately, VDP will drive an increase in the DoDIN’s cyber hygiene with the objective of ensuring DoD can accomplish its mission to defend the United States of America.
VDP Fact Sheet VDP Annual Reports VDP Bug Bytes VDP News