The City of New York is launching a new Vulnerability Disclosure Program (VDP) that will enable the public to chime in on possible vulnerabilities in city-owned websites and systems.
The new effort was announced last week as part of the city’s attempt to implement a new cybersecurity-minded policy that is focused on enticing IT developers and security researchers to help identify vulnerabilities.
“When Mayor Adams signed Executive Order 10, he made cybersecurity a key priority for the Office of Technology and Innovation and for his administration at-large,” said NYC Chief Technology Officer Fraser. “New York City’s Cyber Command is already one of the most talented and robust in the world, and this first-of-its-kind program for New York City will only enhance our security posture and leadership in this space.”
The new program – created in collaboration with the security testing platform Synack – will provide guidelines and rules of engagement for those interested in supplying NYC Cyber Command with possible leads to vulnerabilities.
“New York City Cyber Command is constantly innovating and pushing the boundaries for how we can better protect the city from cyber threats,” said Chief Information Security Officer Kelly Moan.
“By launching the City of New York’s first vulnerability disclosure program, we are leading the charge for state, local, tribal, and territorial government in alignment with the Cybersecurity & Infrastructure Security Agency’s initiatives – ultimately improving New York City’s cyber resilience and keeping New Yorkers safe,” said Moan.
Interested individuals can send their suggestions at the VDP website, where they will be credited with any vulnerability findings if they turn out to be genuine.