UK launches new Vulnerability Research Institute to protect critical infrastructure and UK business

News
By published

It seems internal experts cannot handle the load

Security
(Image credit: Shutterstock) (Image credit: Shutterstock)
  • VRI will complement NCSC's current vulnerability research efforts
  • It will be tasked with communicating NCSC's needs with external experts
  • The goal is to understand the flaws, patches, and research methodology

The UK’s National Cyber Security Centre (NCSC) has announced the forming of The Vulnerability Research Initiative (VRI), a new program which will see it partner with third-party cybersecurity experts for vulnerability research in commodity and specialized tech.

The NCSC said it currently operates a team of internal researchers who are experts in common technologies, and who conduct vulnerability research (VR) on a range of technologies and products, from traditional commodity tech, to specialized solutions only used in a few places.

However, the team is unable to keep up with the speed at which the technology industry is changing. New tech is popping up every day, and old tech is evolving beyond recognition, “and thus VR is getting harder”.

Understanding the vulnerabilities

“This means the NCSC demand for VR continues to grow,” NCSC explained.

To tackle the challenge, it decided to create VRI, and bring in third-party help. The program’s goal is to help NCSC’s researchers understand the vulnerabilities present in today’s technologies, the necessary mitigations, how experts conduct their research, and which tools they use in the process.

“This successful way of working increases NCSC’s capacity to do VR and shares VR expertise across the UK’s VR ecosystem,” the press release further reads.

The VRI core team will include technical experts, relationship managers, and project managers, with the core team being responsible for communicating the VR team's requirements to VRI industry partners and for overseeing the progress and outcomes of the research.

In the (near) future, NCSC will bring in more experts to tackle AI-powered, or otherwise AI-related vulnerabilities. Those who are interested in participating in VRI should reach out to the agency via email at vri@ncsc.gov.uk. The address should not be used for sharing vulnerability reports.

Via BleepingComputer

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.