The Cybersecurity and Infrastructure Security Agency (CISA), a federal agency of the US government, has selected Bugcrowd to launch its first federal civilian enterprise-wide crowdsourced vulnerability disclosure policy (VDP) platform in support of Binding Operational Directive (BOD) 20-01.
CISA, through the Cybersecurity Quality Services Management Office, is partnering with Bugcrowd and EnDyna – a government contractor that provides technology-based solutions.
CISA will offer this VDP platform service to Federal Civilian Executive Branch (FCEB) agencies, which will set a new precedent for federal civilian enterprise-wide security. FCEB agencies will now be able to coordinate with the civilian hacker community. The VDP platform enables agencies to identify and monitor vulnerabilities in critical systems by receiving security feedback from uniquely skilled ethical hackers around the world.
CISA’s BOD 20-01, which requires all FCEB agencies to develop and publish a VDP, has opened the door for federal agencies to work with Bugcrowd’s proven crowdsourced cybersecurity platform.
This will give agencies access to the same commercial technologies, expertise, and global community of helpful ethical hackers currently used to identify security gaps for enterprise businesses. Partnering with Bugcrowd, EnDyna has been awarded a one-year contract with four option years, which will provide a key software as a service (SaaS) component to CISA’s VDP platform.
Bugcrowd’s unmatched triage and community management services deliver a 96% signal-to-noise ratio, and its CrowdControl Platform provides contextual vulnerability intelligence and management to reduce risk faster and drive better decisions.
In addition to the CISA-funded VDP platform service, FCEB agencies can also accelerate digital transformation strategies and implement their own bug bounty programs from Bugcrowd and EnDyna, enabling them to ensure that security assessments become part of their software development lifecycle (SDLC), an approach commonly called “shifting left.”
“As seen in the commercial and defense sectors, crowdsourced cybersecurity and vulnerability disclosure programs are a critical safeguard in helping reduce the risk of breach,” said Ashish Gupta, CEO and President of Bugcrowd.
“The need for cyber resilience and risk management is unprecedented in today’s digitally connected world and the partnership between CISA and Bugcrowd provides the most powerful crowdsourced cybersecurity platform solution to address the government’s growing need for contextually intelligent security assessments to protect its vast attack surface. We are honored to be the first crowdsourced cybersecurity vendor to work with CISA on an FCEB-wide proactive defense strategy through our VDP solution.”
“We are firmly committed to enhancing government defenses and improving security operations across network infrastructures,” said Ashok Siddhanti, CEO of EnDyna. “Our fundamental goal is to radically improve the FCEB’s ability to detect and remediate security gaps within these respective agencies’ digital infrastructures, and we look forward to working with Bugcrowd to advance government security.”