Cabinet Office signs deal for centralised triaging of hundreds of government’s online vulnerabilities


Using a service newly established in government, almost 1,000 reports of security weaknesses in government sites are filed by expert researchers each year – many of which identify potential critical issues

The Cabinet Office has awarded a six-figure contract for a supplier to triage the hundreds of vulnerabilities identified on government websites by expert researchers each year.

The department’s Government Security Group unit is taking over responsibility for a Vulnerability Reporting Service (VRS) that was previously housed in the GCHQ-based National Cyber Security Centre and operated on a trial basis.

The transition into a long-term platform run from Whitehall – by a newly created Government Cyber Coordination Centre (GC3) – was first proposed in the Government Cyber Security Strategy published in 2022. According to commercial documents published by the Cabinet Office, the VRS is intended to “coordinate vulnerability disclosure across the government by establishing a central” hub for reports.

The service provides an online means for cyber researchers to tell government about vulnerabilities they have identified. According to the Cabinet Office, in 2022 the system “received 989 valid reports and helped to remediate 440 vulnerabilities across 237 individual UK government organisations”. About four in five vulnerabilities identified via the reporting process were considered to be of “critical” or “high” severity.

A key part of this process is the initial triage stage. This process requires the VRS team to “establish that reported severity and impact are realistic and accurate, and ensure correct prioritisation and escalation”. Once a vulnerability has been triaged, Cabinet Office security professionals may then “encourage and, [where] necessary, mandate departments to fix vulnerabilities”.

The department aims to provide these reports to departments within one week of the vulnerability being reported.




Cyber services firm Logiq Consulting has been appointed to an initial one-year contract to fulfil the triage procedure. The company entered into an agreement with the Cabinet Office at the start of this month. The deal will be worth £227,774 – or double this amount, if the department decides to take advantage of an optional one-year extension.

Given the nature of the engagement, the contract places some additional security requirements on the supplier, beyond standard government contractual terms. These include going through annual IT health checks and the use of a “protective monitoring system”. The company, and any subcontractors working on its behalf, is also obligated to ensure all government data is encrypted.

The contract notice indicated that Logiq may be required to deliver as many as 200 triage reports each month and will be expected to support the Government Security Group in maintaining the current service levels of resolving 70% of issues within 30 days, and an overall remediation rate of at least 90%.

“The GC3 is being developed to focus upon cross government data sharing and analysis of data to inform decision making,” the notice added. “The VRS is a key component of providing GC3 with the data and processes to improve resilience to public facing services and systems across government, and establishment of the VRS was included as a key deliverable within the [Government Cyber Security] strategy. Failure to maintain a VRS for government organisations presents an unacceptable level of operational and reputational risk. If we do not offer the ability for external researchers to report vulnerabilities once identified, we risk these being exploited by malicious attackers; 80% of vulnerabilities reported in 2022 were rated ‘critical’ or ‘high’ severity, meaning that the likelihood of exploitation and the impact once exploited would have been very significant. We also risk significant reputational damage if researchers choose to release their findings into the public domain.”

The service advises those filing a vulnerability report that they “are welcome to enquire on the status but should avoid doing so more than once every 14 days, [as] this allows our teams to focus on the remediation”.

“We will notify you when the reported vulnerability is remediated, and you may be invited to confirm that the solution covers the vulnerability adequately,” the service’s homepage states. “Once your vulnerability has been resolved, we welcome requests to disclose your report. We’d like to unify guidance to affected users, so please do continue to coordinate public release with us.”

Sam Trendall
