Walden, Thune Want Additional Cyber Vulnerability Disclosure Improvements
Imprecise language within coordinated vulnerability disclosure (CVD) procedures can give industry and the public a false sense of security, House and Senate Commerce Committee leaders wrote the CERT Coordination Center Tuesday. The letter from House Commerce Committee Chairman Greg Walden,…
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
R-Ore., and Senate Commerce Committee Chairman John Thune, R-S.D., follows a recent Senate hearing on Spectre and Meltdown vulnerabilities (see 1807110059). Failing to coordinate the CVD process and give timely notice for industry to test patches “extensively before applying them can significantly increase” vulnerability risks, the lawmakers wrote. “CVD remains a complex and constantly evolving concept, and as should be expected from one of this size and scale, the Spectre and Meltdown CVD showed that additional improvements can and should be made.”