A Step in the Right Direction: House Passes the Cyber Vulnerability Disclosure Reporting Act
The House of Representatives passed the “Cyber Vulnerability Disclosure Reporting Act” this week. While the bill is quite limited in scope, EFF applauds its goals and supports its passage in the Senate.
H.R. 3202 is a short and simple bill, sponsored by Rep. Sheila Jackson Lee (D-TX), that would require the Department of Homeland Security to submit a report to Congress outlining how the government deals with disclosing vulnerabilities. Specifically, the mandated report would comprise two parts. First, a “description of the policies and procedures developed [by DHS] for coordinating cyber vulnerability disclosures,” or in other words, how the government reports flaws in computer hardware and software to the developers. And second, a possibly classified “annex” containing descriptions of specific instances where these policies were used to disclose vulnerabilities in the previous year, leading to mitigation of the vulnerabilities by private actors.
Perhaps the best thing about this short bill is that it is intended to provide some evidence for the government’s long-standing claims that it discloses a large number of vulnerabilities. To date, such evidence has been exceedingly sparse; for instance, Apple received its first ever vulnerability report from the U.S. government in 2016. Assuming the report and annex work as intended, the public’s confidence in the government’s ability to “play defense” may actually increase.
The bill has no direct interaction with the new Vulnerabilities Equities Process (VEP) charter, which was announced last November. As we said then, we think the new VEP is probably a step in the right direction, and this bill providers further support for transparency into the government’s handling of vulnerabilities.
As an aside, we question the need to classify the annex describing actual instances of disclosed vulnerabilities. Except maybe under exceptional circumstances, this should be public, especially coming after dubious statements by officials like that by White House Cybersecurity Coordinator Rob Joyce when he said last week that “the U.S. government would never put a major company like Intel in a position of risk like this to try to hold open a vulnerability.” Reassurances like that remain hard to take at face value in light of the NSA’s recent history of sabotaging American companies’ computer security.
We’ll be watching as the bill moves to the Senate.
Source: https://www.eff.org/deeplinks/2018/01/step-right-direction-house-passes-cyber-vulnerability-disclosure-reporting-act
Anyone can join.
Anyone can contribute.
Anyone can become informed about their world.
"United We Stand" Click Here To Create Your Personal Citizen Journalist Account Today, Be Sure To Invite Your Friends.
Please Help Support BeforeitsNews by trying our Natural Health Products below!
Order by Phone at 888-809-8385 or online at https://mitocopper.com M - F 9am to 5pm EST
Order by Phone at 866-388-7003 or online at https://www.herbanomic.com M - F 9am to 5pm EST
Order by Phone at 866-388-7003 or online at https://www.herbanomics.com M - F 9am to 5pm EST
Humic & Fulvic Trace Minerals Complex - Nature's most important supplement! Vivid Dreams again!
HNEX HydroNano EXtracellular Water - Improve immune system health and reduce inflammation.
Ultimate Clinical Potency Curcumin - Natural pain relief, reduce inflammation and so much more.
MitoCopper - Bioavailable Copper destroys pathogens and gives you more energy. (See Blood Video)
Oxy Powder - Natural Colon Cleanser! Cleans out toxic buildup with oxygen!
Nascent Iodine - Promotes detoxification, mental focus and thyroid health.
Smart Meter Cover - Reduces Smart Meter radiation by 96%! (See Video).
| Online: | |
| Visits: | 1,603,027,741 |
| Stories: | 8,148,725 |
Whistler Blowers, Insiders
