YYaaa News

White House says GOLD EAGLE is a first — daily operator and patched vulnerabilities undisclosed

TL;DR

The White House launched GOLD EAGLE on July 14 but named no daily operator, participating companies or patched flaws.

The White House launched GOLD EAGLE on July 14 and described it as the first system to collect, prioritize and coordinate remediation of cybersecurity vulnerabilities found by government, AI developers, open-source software organizations and critical-infrastructure operators. It said the system had begun processing cross-industry submissions but published no count, participating companies or completed patches.

GOLD EAGLE was established under Executive Order 14409, signed by Donald Trump on June 2. The White House named Treasury, CISA within the Department of Homeland Security, the Department of War and the Office of the National Cyber Director as participants. Its tasks include reducing duplicate scanning and providing threat and remediation information to federal and private-sector defenders.

Reuters reported that advanced AI developers would share vulnerability information with essential-service providers in finance, healthcare and energy. National Cyber Director Sean Cairncross did not name the developers. Nextgov reported that the announcement did not identify the daily operator, explain protection of sensitive vulnerability data, or define GOLD EAGLE's relationship with CISA disclosure programs, CVE and NIST's National Vulnerability Database.

The White House said partners had built a system to receive and patch vulnerabilities. Nextgov reported that the public documents describe a coordination mechanism and do not mention authority to compel companies to patch. The launch announcement named no participating company and listed no patched vulnerability.

via Nextgov / White House / Reuters
白宮稱首次啟動 GOLD EAGLE|AI 漏洞協調機制未公布營運機關