Engaging the Vulnerability Research community through the Vulnerability Research Initiative is important work for the National Cyber Security Centre (NCSC), but what does it entail? The organisation explains all here.
Vulnerability Research in NCSC
“The NCSC has a team of internal researchers who are experts in common technologies who conduct Vulnerability Research (VR) on a range of technologies and products. This includes the traditional commodity tech that’s ubiquitous across the UK, and very specialised technology only used in a few places.
“This in-house research makes us better informed about the security of technologies and the difficulty of finding vulnerabilities in the latest and greatest software products.
“It allows us to shape our advice, guidance, and risk mitigations for the implementation of new and existing technologies, and our response to a new vulnerability or cyber incident.
“We work closely with UK government, technology companies, and the wider public to share and implement these insights and strategies.
Working with external experts
“Developing deep understanding and expertise of technologies, security mitigations and products takes time. Technology growth is constant, ever complex, security is improving, and thus VR is getting harder. This means the NCSC demand for VR continues to grow.
Introducing the NCSC’s Vulnerability Research Initiative
“The Vulnerability Research Initiative (VRI) is NCSC’s programme of research with external partners on VR.
“The VRI’s mission is to strengthen the UK’s ability to carry out VR. We work with the best external vulnerability researchers to deliver deep understanding of security on a wide range of the technologies we care about.
“The external VRI community also supports us in having tools and tradecraft for vulnerability discovery.
“We work closely with industry on tasks to understand:
- The vulnerabilities present in a technology and/or product
- The mitigations required to fix the vulnerabilities
- How the researchers conduct their research (their tradecraft)
- Any tooling they have used to enable their VR
“This successful way of working increases NCSC’s capacity to do VR and shares VR expertise across the UK’s VR ecosystem.
“The VRI core team includes a mix of technical experts, relationship managers and project managers. The core team are responsible for getting requirements from our VR team to our VRI industry partners and monitoring the progress, and outputs, of research.
What happens to our research?
“As well as informing our advice and guidance as the National Technical Authority on cyber security, our research allows us to engage with technology vendors to encourage them to fix the bugs we find and build more secure products.
“Our Equities Process provides a mechanism through which decisions about disclosure are taken. Read more about the Equities Process operated on behalf of the Government by GCHQ.”