DOD VULNERABILITY MANAGEMENT
|Publication Date:||15 September 2020|
In accordance with the authority in DoD Directive 5144.02, this issuance:
• Establishes policy, assigns responsibilities, and provides procedures for DoD vulnerability management and response to vulnerabilities identified in all software, firmware, and hardware within the DoD information network (DODIN).
• Establishes a uniform DoD Component-level cybersecurity vulnerability management program based on federal and DoD standards.
• Establishes policy and assigns responsibilities for the DoD Vulnerability Disclosure Program (VDP).
• Establishes policy, assigns responsibilities, and provides procedures for DoD's participation in the Vulnerabilities Equities Process (VEP), in accordance with the Vulnerabilities Equities Policy and Process for the U.S. Government (USG).