CISA And NSA Tell Companies How To Handle Bug Reports
The July 15 guidance pushes organizations to publish a defined scope, a public contact, and a safe-harbor pledge for testers.
- CISA and NSA jointly published this coordinated vulnerability disclosure guidance on July 15, 2026.
- The guidance tells organizations to define scope, publish a contact, and set response steps.
- A written safe-harbor pledge, the guidance says, should protect good-faith researchers from legal threats.
Why it matters: The NSA hoards flaws under its own equities process, yet now teaches firms to welcome them from outsiders.
CISA/NSA joint guidance ↗ · Jul 15, 20267/15/26 · ✓ Checked✓ Check