New draft NIST doc on govt vuln disclosure policies

In the US, there has been a growing effort for US government agencies to have vulnerability disclosure policies. This was codified into law, and the National Institute of Standards and Technology was directed to establish guidelines.

The first draft has been published, as NIST Special Publication 800-216. They are looking for comments and feedback, and I strongly encourage the community to offer feedback, either as individuals, or as a collective of experts.

The draft is here:

I work closely with the NIST team, but am happy to help offer advice on how to share feedback constructively, and frame your comments to have maximum impact.


Hi Allan, do you think the folks at NIST would be open to receiving feedback from researchers such as myself in Canada with expertise on government vulnerability disclosure policies?

If so, I would also be interested in taking you up on your offer to help folks provide feedback constructively / framing comments to have maximum impact! May write you elsewhere in case you don’t reply here.