This discussion would be a reflection of past public, good and bad, disclosures based on past experiences and data collected by CISA. It would also attempt to highlight vendor disclosure policies, software development lifecycles and describe common asset owner patching cycles from the industrial control system perspective in comparison to researcher disclosure policies.
Jay Angus is a career civil servant and currently the federal lead for Industrial Control System vulnerability management and coordination. He has worked for the federal government for 15 years and spent the past ten years involved in cybersecurity. Specifically the past five years he has worked with the Department of Homeland Security supporting industrial control system operations and vulnerability management.