Bipartisan Bill Would Codify Vulnerabilities Equities Process, Make It Transparent
Legislation to codify a government process for stockpiling and disclosing software and hardware vulnerabilities and make it transparent and accountable was introduced Wednesday by a bipartisan, bicameral group of lawmakers. Sponsor Sen. Brian Schatz, D-Hawaii, said in a news release…
the Protecting our Ability to Counter Hacking (Patch) Act codifies the vulnerabilities equities process (VEP) and "will improve cybersecurity and transparency to the benefit of the public while also ensuring that the federal government has the tools it needs to protect national security." VEP is a framework that guides agencies that independently discover flaws, or acquire them from third parties, in determining whether to notify vendors so they can fix them. Senate Homeland Security Committee Chairman Ron Johnson, R-Wis., said the WannaCry ransomware attacks show why government and the private sector need to work together (see 1705150008). Sen. Cory Gardner, R-Colo., and Reps. Blake Farenthold, R-Texas, and Ted Lieu, D-Calif., are co-sponsors of the bill. Information Technology and Innovation Foundation Vice President Daniel Castro said in a statement that VEP is broken and the bill would balance security and economic interests and disclose flaws to companies more quickly so patches can be developed sooner. Public Knowledge Cybersecurity Policy Director Megan Stifel said the bill would "enhance trust in the internet and internet-enabled devices."