CISA to allow researchers to report vulnerabilities to exploited bugs catalog


https://therecord.media/cisa-to-allow-researchers-to-report-vulnerabilities-kev

Publish Date: 2026-05-21 21:28:00

Source Domain: therecord.media

The federal cybersecurity agency has created a new pathway for people outside of the U.S. government to report vulnerabilities to its catalog of bugs that have been exploited. 

The Cybersecurity and Infrastructure Security Agency (CISA) announced on Thursday the creation of a nomination form that it said enables “researchers, vendors, and industry partners” to report bugs that need to be added to the Known Exploited Vulnerabilities catalog — a key tool that has become a critical resource for the cybersecurity community.

“Every day, CISA collaborates with security researchers and industry partners that identify and report exploited vulnerabilities. This new reporting capability enhances CISA’s ability to identify, validate, and quickly share critical threat information,” said Chris Butera, CISA’s Acting Executive Assistant Director for Cybersecurity. 

“Early detection and coordinated vulnerability disclosure are among the most powerful tools we have to reduce risk at scale. CISA strongly encourages researchers and organizations to share vulnerability threats and help us secure the systems Americans rely on every day.”

Experts can now submit vulnerabilities through a nomination form or over email, and they must provide information about the bug as well as evidence of its exploitation.

The catalog, known colloquially as the KEV, is meant to provide cybersecurity defenders within the federal government with an authoritative list of software and hardware vulnerabilities that need to be patched within a certain time frame — typically three weeks. 

It has allowed defenders to focus on remediating vulnerabilities that are being actively exploited by hackers and nation-state actors. 

The agency said reporting bugs to CISA is “essential to the nation’s cybersecurity posture, helping ensure that exploited vulnerabilities are discovered early, communicated responsibly, and mitigated quickly across federal, private, and critical…
