UK government's Vulnerability Monitoring System is working • The Register

Regulation Reporter

UK government's automated Vulnerability Monitoring System has dramatically reduced DNS vulnerability remediation times from 50 to 8 days, while Firefox 148 adds XSS protections and the FTC exempts some COPPA data collection for age verification.

The UK government's automated Vulnerability Monitoring System has dramatically improved cybersecurity response times across public sector websites, reducing DNS vulnerability remediation from an average of 50 days to just eight, according to the Department for Science, Innovation and Technology (DSIT).

The system, introduced as part of the Blueprint for Modern Digital Government delivered in January 2025, constantly scans approximately 6,000 websites hosted by UK public sector agencies. It's configured to check for around 1,000 different vulnerabilities using a combination of commercial and proprietary scanning tools.

Beyond DNS improvements, the Vulnerability Monitoring System has cut the median time to fix other security issues from 53 days to 32 days. The backlog of critical open domain-related vulnerabilities has been reduced by 75 percent, with around 400 confirmed vulnerabilities resolved monthly since the system's inception.

Minister for Digital Government Ian Murray emphasized the practical impact of these improvements, noting that "cyber-attacks aren't abstract threats – they delay NHS appointments, disrupt essential services, and put people's most sensitive data at risk." The minister also announced a new career pipeline to attract security professionals to the DSIT and the UK's National Cyber Security Centre, aiming to "protect the services that matter most to people's lives."

In related cybersecurity developments, Mozilla has introduced cross-site scripting protections in Firefox 148 through the new Sanitizer API. This feature strips potentially malicious HTML of its harmful capabilities, leaving only plain web content. Developers use the API by replacing innerHTML assignments with setHTML() calls, and it can be applied to existing code when permitted.

However, the Sanitizer API addresses only DOM XSS attacks, which occur client-side. It cannot prevent reflected or stored XSS attacks, which are server-side vulnerabilities. Mozilla notes that Firefox is the first browser to ship with this capability.
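The migration described above, sketched as an added example (not code from Mozilla or the article): one helper lists the innerHTML assignments in a piece of source that are candidates for replacement, and another renders untrusted markup through setHTML() where the browser provides it. The helper names `findInnerHtmlSinks` and `renderUntrusted` and the sample source are assumptions made for illustration.

```javascript
// Added example; findInnerHtmlSinks and renderUntrusted are hypothetical helpers.

// Matches `.innerHTML =` and `.innerHTML +=`, but not comparisons (`==`, `===`).
const INNER_HTML_ASSIGN = /\.innerHTML\s*\+?=(?!=)/;

// Return { line, text } for every line of `source` that assigns to innerHTML.
function findInnerHtmlSinks(source) {
  return source
    .split("\n")
    .map((text, i) => ({ line: i + 1, text: text.trim() }))
    .filter(({ text }) => INNER_HTML_ASSIGN.test(text));
}

// Render untrusted markup into `el`. Uses the Sanitizer API's setHTML() when
// the element provides it; otherwise shows the markup as inert text rather
// than falling back to innerHTML. Returns the name of the path taken.
function renderUntrusted(el, markup) {
  if (typeof el.setHTML === "function") {
    el.setHTML(markup);
    return "setHTML";
  }
  el.textContent = markup;
  return "textContent";
}

// Constructed sample input: application code containing two DOM XSS sinks,
// one comparison that is not a sink, and one already-safe assignment.
const SAMPLE_SOURCE = [
  'const q = new URLSearchParams(location.search).get("q");',
  'results.innerHTML = "<p>Results for " + q + "</p>";',
  'if (banner.innerHTML === "") { banner.hidden = true; }',
  'log.innerHTML += `<li>${q}</li>`;',
  'title.textContent = q;',
].join("\n");

for (const { line, text } of findInnerHtmlSinks(SAMPLE_SOURCE)) {
  console.log(`line ${line}: ${text}`);
}
```

Because the fallback path writes text rather than HTML, a browser without setHTML() displays the markup literally instead of parsing it.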

Meanwhile, the US Federal Trade Commission has announced it won't pursue enforcement action under the Children's Online Privacy Protection Act (COPPA) for website operators using age verification technology that collects minors' personal information. This exemption applies provided operators handle the data properly, notify parents about data collection purposes, don't disclose the information, retain it no "longer than necessary," and protect the data.

FTC consumer protection bureau chief Christopher Mufarrige stated that the agency believes age verification technology should be an exception under COPPA rules, which were enacted in 1998 and haven't kept pace with modern digital realities. "Our statement incentivizes operators to use these innovative tools, empowering parents to protect their children online," Mufarrige said.

The cybersecurity landscape continues to evolve rapidly, with organizations balancing security requirements against practical implementation challenges and regulatory compliance.
