Company
Date Published
Author
Casey Ellis
Word count
396
Language
English
Hacker News points
None

Summary

The National Institute of Standards and Technology (NIST) has released a revision (1.1, Draft 2) of its Cybersecurity Framework that includes vulnerability disclosure processes as part of the Framework Core. This addition is the result of an industry effort and was prompted by organizations such as Rapid7, Duo Security, Cisco, Symantec, and Bugcrowd. The revised framework now requires processes to be established for receiving, analyzing, and responding to vulnerabilities disclosed from internal and external sources, including security researchers. This move is seen as a positive step forward in the fight against cyber attacks and is supported by the White House's Federal IT Modernization Report, which positions vulnerability disclosure as the best-practice approach to external security testing for the U.S. Government.