- VRI will complement NCSC’s current vulnerability research efforts
- It will be tasked with communicating NCSC’s needs with external experts
- The goal is to understand the flaws, patches, and research methodology
The UK’s National Cyber Security Centre (NCSC) just announced the forming of The Vulnerability Research Initiative (VRI), a new program that will see it partner with third-party cybersecurity experts for vulnerability research in commodity and specialized tech.
In a short announcement published on its website earlier this week, NCSC said it currently operates a team of internal researchers who are experts in common technologies, and who conduct vulnerability research (VR) on a range of technologies and products, from traditional commodity tech, to specialized solutions only used in a few places.
However, the team is unable to keep up with the speed at which the technology industry is changing. New tech is popping up every day, and old tech is evolving beyond recognition, “and thus VR is getting harder”.
Understanding the vulnerabilities
“This means the NCSC demand for VR continues to grow,” NCSC explained.
To tackle the challenge, it decided to create VRI, and bring in third-party help. The program’s goal is to help NCSC’s researchers understand the vulnerabilities present in today’s technologies, the necessary mitigations, how experts conduct their research, and which tools they use in the process.
“This successful way of working increases NCSC’s capacity to do VR and shares VR expertise across the UK’s VR ecosystem,” the press release further reads.
The VRI core team will include technical experts, relationship managers, and project managers, with the core team being responsible for communicating the VR team’s requirements to VRI industry partners and for overseeing the progress and outcomes of the research.
In the (near) future, NCSC will bring in more experts to tackle AI-powered, or otherwise AI-related vulnerabilities. Those who are interested in participating in VRI should reach out to the agency via email at vri@ncsc.gov.uk. The address should not be used for sharing vulnerability reports.
Via BleepingComputer
