Hello, Guest!

Cybersecurity

House Oversight Committee Chair Eyes VDP Requirements for Government Contractors

Vulnerability disclosure

policies

House Oversight Committee Chair Eyes VDP Requirements for Government Contractors

Rep. Nancy Mace, the chair of the House Oversight Committee Cybersecurity Subcommittee, has introduced the Federal Cybersecurity Vulnerability Reduction Act, which would require federal contractors to implement vulnerability disclosure policies. VDPs indicate how security researchers should notify organizations when potential exploits are discovered and what rewards can be obtained.

Mace explained that mandating every contractor to enact policies consistent with National Institute of Standards and Technology guidelines ensures a proactive cybersecurity approach.

Under Mace’s bill, NIST and the Cybersecurity and Infrastructure Security Agency would work with the Office of the National Cyber Director to undertake a review of federal contract requirements and language for VDP and suggest updates. The legislation specified that the contracting procedures of the Department of Defense’s VDP initiative would be reviewed.

HackerOne, a cybersecurity company that has supported DOD’s VDP and bug bounty efforts, contributed to the legislation. According to Ilona Cohen, the company’s chief legal and policy officer, VDPs are a proven way of identifying software exploits, The Record reported.

Potomac Officers Club Logo
Become a Potomac Officer Club Insider
Sign up for our weekly email & get exclusive event, and speaker updates, and find networking opportunities to connect with GovCon decision makers.

Category: Cybersecurity