{"id":218367,"date":"2026-05-21T21:28:00","date_gmt":"2026-05-22T01:28:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/21\/cisa-to-allow-researchers-to-report-vulnerabilities-to-exploited-bugs-catalog\/"},"modified":"2026-05-22T00:05:12","modified_gmt":"2026-05-22T04:05:12","slug":"cisa-to-allow-researchers-to-report-vulnerabilities-to-exploited-bugs-catalog","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/21\/cisa-to-allow-researchers-to-report-vulnerabilities-to-exploited-bugs-catalog\/","title":{"rendered":"CISA to allow researchers to report vulnerabilities to exploited bugs catalog"},"content":{"rendered":"<p><a href=\"https:\/\/therecord.media\/cisa-to-allow-researchers-to-report-vulnerabilities-kev\">CISA to allow researchers to report vulnerabilities to exploited bugs catalog<\/a><\/p>\n<p><a href=\"https:\/\/therecord.media\/cisa-to-allow-researchers-to-report-vulnerabilities-kev\">https:\/\/therecord.media\/cisa-to-allow-researchers-to-report-vulnerabilities-kev<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-21 21:28:00<\/a><\/p>\n<p>Source Domain: <a href=\"therecord.media\">therecord.media<\/a><\/p>\n<p>The federal cybersecurity agency has created a new pathway for people outside of the U.S. government to report vulnerabilities to its catalog of bugs that have been exploited.\u00a0  The Cybersecurity and Infrastructure Security Agency (CISA) announced the creation of a nomination form on Thursday that they said enables \u201cresearchers, vendors, and industry partners\u201d to report bugs that need to be added to the Known Exploited Vulnerabilities catalog \u2014 a key tool that has become a critical resource for the cybersecurity community.  
\u201cEvery day, CISA collaborates with security researchers and industry partners that identify and report exploited vulnerabilities. This new reporting capability enhances CISA\u2019s ability to identify, validate, and quickly share critical threat information,\u201d said Chris Butera, CISA\u2019s Acting Executive Assistant Director for Cybersecurity.\u00a0  \u201cEarly detection and coordinated vulnerability disclosure are among the most powerful tools we have to reduce risk at scale. CISA strongly encourages researchers and organizations to share vulnerability threats and help us secure the systems Americans rely on every day.\u201d  Experts can now submit vulnerabilities through a nomination form or over email and have to provide information about the bug as well as evidence of its exploitation.\u00a0  The catalog, known colloquially as the KEV, is meant to provide cybersecurity defenders within the federal government with an authoritative list of software and hardware vulnerabilities that need to be patched within a certain time frame \u2014 typically three weeks.\u00a0  It has allowed defenders to focus on remediating vulnerabilities that are being actively exploited by hackers and nation-state actors.\u00a0  The agency said reporting bugs to CISA is \u201cessential to the nation\u2019s cybersecurity posture, helping ensure that exploited vulnerabilities are discovered early, communicated responsibly, and mitigated quickly across federal, private, and critical infrastructure networks.\u201d  Robert Costello, who served as CISA\u2019s chief information officer for nearly five years before leaving in March, said the new submission form is a way for the agency to operationalize its partnership with the cybersecurity research community in a very practical way.  
\u201cCrowdsourcing exploitation intelligence through a standardized nomination process means faster KEV additions and, ultimately, faster defensive action across the whole ecosystem,\u201d he said.\u00a0  \u201cIt&#8217;s the right move at the right time, as AI is accelerating both the discovery and exploitation of vulnerabilities at a pace that makes early, coordinated disclosure more critical than ever.\u201d  As the catalog has grown since debuting in 2021, cyber defenders outside of the federal government have adopted it as a reference point to know what bugs are being targeted. Experts found that organizations remediate vulnerabilities added to the KEV 3.5 times faster than non-KEV bugs.  It has become even more critical as defenders figure out how to contend with a growing deluge of AI-discovered vulnerabilities \u2014 many of which are insignificant and unlikely to be exploited.  Qualys\u2019 Mayuresh Dani said CISA previously accepted submissions via email but noted that there were no external reports on how many vulnerabilities were added to the KEV based on submissions to this email address. The new form forces submitters to add critical, detailed information.  \u201cHopefully, this functionality will now provide visibility into what exactly happens post submission,\u201d Dani told Recorded Future News. \u201cWhat needs to be seen is how this information is verified by CISA and what guardrails against incorrect and false reporting are put in by CISA so that only real and validated exploitation observations make it to the KEV list.\u201d\u00a0  Dani added that CISA may be trying to play catch-up because commercial alternatives to the KEV are available and some now consider it a trailing indicator of vulnerability exploitation.  
While nearly all bugs initially added to the KEV were given a three-week remediation deadline, the number of vulnerabilities given three-day and even 24-hour patch deadlines has increased in the last year.\u00a0  Earlier this month, Reuters reported that CISA Acting Director Nick Anderson and U.S. National Cyber Director Sean Cairncross floated the possibility of limiting the KEV deadline for all new bugs to just three days out of concern for hackers now using powerful, emerging AI-systems to develop exploits for vulnerabilities in a shorter amount of time.\u00a0  Experts said the new effort to coordinate with the private sector was designed to speed up defense efforts, vulnerability disclosure and exploitation tracking.\u00a0  \u201cImprovements like this can help strengthen the signal quality and timeliness of KEV, which ultimately benefits defenders trying to prioritize real-world risk over theoretical severity,\u201d said JupiterOne\u2019s Chris Doyle.<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISA to allow researchers to report vulnerabilities to exploited bugs catalog https:\/\/therecord.media\/cisa-to-allow-researchers-to-report-vulnerabilities-kev Publish Date: 
2026-05-21&#8230;<\/p>\n","protected":false},"author":1,"featured_media":218368,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cms.therecord.media\/uploads\/cisa_code_background_cdd6a475aa.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24,27],"class_list":["post-218367","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/218367"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=218367"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/218367\/revisions"}],"predecessor-version":[{"id":218369,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/218367\/revisions\/218369"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/218368"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=218367"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=218367"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=218367"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}