Season 3 Episode 19

Melissa Vice on the value of vulnerability disclosure programs

Headshot of Melissa Vice with the U.S. Flag in the background
Melissa Vice

The Department of Defense Cyber Crime Center (DC3) operates a Vulnerability Disclosure Program (VDP) that handles critical cybersecurity issues reported by the public, including using an actual red phone for urgent matters. In the latest episode of WE’RE IN!, Melissa Vice, director of DC3’s VDP, describes how they respond to cyberthreats and collaborate with other groups within the center, such as the Operation Enablement Directorate and cyber forensics laboratory. 

Tune in to hear how the program, which began in 2016 following a successful bug bounty event, has processed over 53,000 reports, 56% of which were actionable, and resulted in nearly 30,000 remediated vulnerabilities.

Listen to learn more about:

  • Why VDP has been recognized by the government as a reliable and economical cybersecurity strategy 
  • How Melissa and her team handled the notorious Log4j vulnerability
  • How DC3 has explored the use of AI and machine learning to enhance capabilities and scale operations