The US state of Maryland has launched a large-scale Vulnerability Disclosure Program (VDP) to empower ethical hackers to probe systems across government for flaws and vulnerabilities, and to provide them with secure, simple and transparent reporting mechanisms.
The program, which will be managed by bug bounty and VDP specialist Bugcrowd, will give Maryland access to a well-established hacker community, proven workflows, and scalable reporting infrastructure. State leaders said the work would increase hacker participation, improve efficiency in triaging vulnerabilities and allow internal IT teams to focus on fixing problems while maintaining value for state taxpayers.
Writing on LinkedIn, acting Maryland CISO James Saunders said: “Cybersecurity is often referred to as a team sport. I believe deeply and, more importantly, we are all on the same team. If you see something unsafe, report it. Every observation helps us strengthen our defenses and improve together.”
“At its core, cybersecurity has always been about people. Technology matters, but trust, communication and shared responsibility matter more. These efforts remind us that when we collaborate, learn and protect each other, we make Maryland stronger – together!”
Maryland is not the first American jurisdiction to implement such a program. California, Iowa, Ohio, Delaware, Minnesota, Idaho, New Jersey, Los Angeles and Washington, D.C. also use such schemes, but the creation of VDPs now partly reflects a growing trend for state governments to take more responsibility for their own affairs as a way to reduce operating costs while the federal government shutdown continues.
Concerns continue to grow in the cybersecurity sector following the downsizing of the Cybersecurity and Infrastructure Security Agency (CISA), which critics of the Trump administration say limits the U.S.'s ability to respond to cyber threats both within its borders and on the global stage.
In recent days, CISA, which is part of the Department of Homeland Security, has faced massive layoffs in its stakeholder relations division, according to our sister title Cybersecurity Dive. Citing sources familiar with the matter, it said the latest cuts will effectively leave departments that interact with academic institutions, CNI operators, government agencies, nonprofits, small and medium-sized businesses, and state and local governments without staff.
Mandatory exchange of information
Meanwhile, in addition to the new VDP, Maryland is expanding its own Information Sharing and Analysis Center (MD-ISAC), requiring participation from all state agencies, local governments, critical infrastructure operators and private sector partners operating in the state.
Saunders said real-time collaboration and trusted information sharing “are essential to our collective resilience in today's rapidly changing cyberspace.”
A series of “critical cybersecurity incidents” underscored that Maryland lacks a single, secure and universal channel for the timely dissemination of sensitive threat information and incident details, state leaders said.
Mandatory participation will give covered entities access to a repository of threat indicators, allowing cyber teams to investigate new threats and enhance detection and prevention capabilities; to specific threat intelligence related to patterns, trends, and anomalies observed in Maryland's own systems; and to opportunities for ongoing threat-sharing cooperation.
Maryland officials point to earlier bug bounty pilot programs, in which researchers identified dozens of problems, as evidence that participation from the hacking community clearly reduces risk, said Noelle Murata, a senior security engineer at Xcape, a managed security service provider (MSSP).
“With James Saunders recently named state CISO, the project offers a push to standardize acceptance, safe harbor reporting and remediation across agencies. The joint goal of VDP and MD-ISAC is to turn special findings into statewide speeding warnings and effective legal remedies.”
“Maryland's message to advocates and researchers is simple: If you see something, say something, and together we will fix it quickly,” she said.