In June 2021, the GTA Office of Information Security (OIS) officially launched the state of Georgia vulnerability disclosure program (SOG VDP) in partnership with the State Cybersecurity Board and the Georgia Cyber Center. SOG VDP authorizes "good faith security research" and provides a "safe harbor" reporting mechanism to researchers for reporting vulnerabilities to appropriate agency contacts. OIS leverages private partnerships to add researchers to the SOG VDP platform. Researcher membership is invitation only.
Per State Cybersecurity Board-approved policy, OIS may add executive branch state agency domains and public facing web application assets to the scope of the program at any time. OIS is responsible for sharing reported vulnerabilities with agency contacts in a timely manner. Vulnerability remediation is tracked in accordance with state risk acceptance policies.
For additional information, please see the SOG VDP policy, PS-21-001.