UK government's Vulnerability Monitoring System is working - fixes flow far faster
The Register
March 2, 2026
AI-Generated Deep Dive Summary
The UK government's Vulnerability Monitoring System (VMS) has significantly improved the speed at which DNS vulnerabilities are identified and remediated in public sector websites. Previously taking an average of 50 days to address such issues, VMS now reduces this timeframe to just eight days. Launched as part of the Blueprint for Modern Digital Government in January 2025, the system uses automated scanning tools to detect vulnerabilities across nearly 6,000 public sector websites. It has also cut the backlog of critical domain-related vulnerabilities by 75% and resolves around 400 confirmed vulnerabilities each month. The system's rapid response times are attributed to its ability to constantly scan for over 1,000 different vulnerabilities, ensuring that weaknesses are addressed before potential exploitation.
The VMS has not only streamlined the identification of DNS issues but also reduced the median time to fix other vulnerabilities from 53 days to 32 days. This improvement underscores the government's commitment to enhancing cybersecurity in public services. Minister for Digital Government Ian Murray highlighted the importance of this system, emphasizing its role in protecting sensitive data and essential services. He also announced a new career pipeline aimed at attracting security professionals to work within the Department for Science, Innovation and Technology (DSIT) and the UK’s National Cyber Security Centre, recognizing the critical need for skilled personnel in safeguarding public infrastructure.
In other tech news, Firefox 148 introduced a notable update with the inclusion of the Sanitizer API, offering enhanced protections against Cross-Site Scripting (XSS) attacks. This new feature specifically targets DOM XSS vulnerabilities by sanitizing potentially harmful HTML content. While it marks progress in browser security, it is important to note that the Sanitizer API does not address reflected or stored XSS attacks, as these are server-side issues beyond the scope of client-side solutions. Firefox remains the first major browser to implement this API, signaling a step forward in addressing some aspects of XSS vulnerabilities.
The US Federal Trade Commission (FTC) announced an exemption under the Children's Online Privacy Protection Act (COPPA) for websites using age verification technology. This decision aims to align regulatory frameworks with modern digital practices, recognizing the growing necessity of age verification tools in online services. However, operators must still adhere to strict guidelines, including informing parents about data collection, avoiding unnecessary retention, and ensuring robust data protection measures.
Finally, a cyber-attack on France's database exposed sensitive financial information, compromising over 1.2 million bank account records. This incident highlights the ongoing challenges in securing critical infrastructure against sophisticated threats, underscoring the importance of proactive cybersecurity measures and rapid response capabilities.
Verticals
tech
Originally published on The Register on 3/2/2026