Feds may have to explain knowledge of security holes – if draft law comes into play

www.theregister.co.uk | 1/12/2018 | Staff

The US House of Representatives this week approved a bill that, given further legislative and executive branch support, will require the American government to account for its handling of software and hardware vulnerabilities.

The "Cyber Vulnerability Disclosure Reporting Act," sponsored by Rep Sheila Jackson Lee (D-TX), requires the Department of Homeland Security to issue "a report that contains a description of the policies and procedures developed for coordinating cyber vulnerability disclosures."

The US government has not provided much detail about how it handles vulnerabilities that it becomes aware of, and advocacy organizations like the Electronic Frontier Foundation argue that more transparency is needed to debate the consequences of vulnerability research and disclosure.

"Perhaps the best thing about this short bill is that it is intended to provide some evidence for the government’s long-standing claims that it discloses a large number of vulnerabilities," said EFF attorneys Nate Cardozo and Andrew Crocker in a blog post on Friday.

The US National Security Agency has said it discloses most of the vulnerabilities it finds, more or less.

"Historically, the NSA has released more than 91 per cent of vulnerabilities discovered in products that have gone...
(Excerpt) Read more at: www.theregister.co.uk