In light of the increase in software supply chain security attacks, Rep. Nancy Mace, R-S.C., today proposed a new bill aimed at helping federal contractors identify and remediate software vulnerabilities before adversaries can exploit them.
The Federal Cybersecurity Vulnerability Mitigation Act will require all federal contractors to implement a Vulnerability Disclosure Policy (VDP) to better protect both public and private sector information systems.
The federal government has long recognized that a VDP is one of the most effective ways to gain insight into security vulnerabilities. Indeed, the Office of Management and Budget (OMB) and the Cybersecurity and Infrastructure Security Agency (CISA) required federal agencies to develop and publish VDPs for Internet-accessible systems in 2020.
However, not all federal contractors are required to implement a VDP. The IoT Cybersecurity Improvement Act of 2020 is the only current guideline that applies to federal contractors, and it covers only certain contractors rather than all of them.
Rep. Mace, chair of the House Oversight Subcommittee on Cybersecurity, Information Technology, and Government Innovation, aims to introduce a comprehensive approach to protecting federal systems and data through the new bill. By requiring federal contractors to have a VDP, the bill would ensure continuous monitoring of federal contractors’ business systems and provide clear direction to security researchers on how to safely disclose vulnerabilities.
Ilona Cohen, chief legal and policy officer at HackerOne, a popular bug bounty platform, said the bill “will fill a big gap.”
“Participating in the security research community through a VDP is a proven and effective way for federal contractors to identify vulnerabilities in their systems. HackerOne is ready to work with Congress to pass and enforce this bill,” Cohen added.
Cohen, who previously served as OMB’s general counsel, worked with Rep. Mace to bring the bill to fruition.
“We want to thank Congresswoman Mace for introducing such an important piece of legislation,” added HackerOne CEO Mårten Mickos. “If federal contractors can effectively address security vulnerabilities, all U.S. citizens will be better protected from cyberattacks.”
Rep. Ted Lieu, D-Calif., introduced similar legislation in 2021, the Contractor Cybersecurity Improvement Act. That bill also aims to require vendors seeking to do business with the federal government to implement a VDP.