UK’s National Cyber Security Centre (NCSC) has announced a new Vulnerability Research Initiative (VRI) that aims to strengthen relations with external cybersecurity experts.
The agency already conducts internal vulnerability research on a wide range of technologies and will continue to do so. However, the launch of VRI will create a parallel program designed to improve discovery and sharing of critical insights with the community more expeditiously.
The NCSC is the UK’s cybersecurity authority, tasked to protect from cyber threats targeting the country’s critical infrastructure, government, businesses, and citizens.
To fulfill this mission, the agency publishes alerts, cybersecurity guidance, and threat analysis, provides support in incident response, and coordinates related activities with public, private, and international partners.
The VRI is a structured collaboration between the NCSC and external cybersecurity researchers to improve the UK’s capabilities in identifying and understanding software and hardware vulnerabilities.
“The Vulnerability Research Initiative (VRI) is NCSC’s programme of research with external partners on VR,” reads the agency’s announcement.
“The VRI’s mission is to strengthen the UK’s ability to carry out VR. We work with the best external vulnerability researchers to deliver a deep understanding of security on a wide range of technologies we care about.”
NCSC will partner with skilled external vulnerability researchers who will be given objectives to identify flaws in specific products of interest, assess proposed mitigations, and finally disclose the flaws through the ‘Equities Process’ procedure.
The researchers will also submit to the NCSC details about the tools they used and the methodologies they followed during their VR activities, to help develop a framework of effective practices.
NCSC states that it plans to involve more experts in emerging specialized areas such as AI-powered vulnerability discovery.
Interested security specialists are invited to email at vri@ncsc.gov.uk with their skills and focus areas.
The email address address should not be used for sending full vulnerability reports, the agency notes. NCSC recommends using this portal to report a vulnerability instead.
While cloud attacks may be growing more sophisticated, attackers still succeed with surprisingly simple techniques.
Drawing from Wiz’s detections across thousands of organizations, this report reveals 8 key techniques used by cloud-fluent threat actors.
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
