Rep. Ted Lieu, D-Calif., has introduced a bill that would task vendors to have their software products undergo vulnerability assessments by ethical hackers.
The Improving Contractor Cybersecurity Act would impose compliance with vulnerability disclosure policies (VDP), which lets security researchers study and report vulnerabilities of technologies to be purchased by agencies, Lieu's office said Tuesday.
“They (VDPs) allow security researchers to find software vulnerabilities and notify owners before they can be exploited by bad actors," Lieu said.
The Institute for Critical Infrastructure Technology, Electronic Privacy Information Center, HackerOne and various cybersecurity executives support the newly presented bill.
“Vulnerability discovery and responsible disclosure of the kind championed by this bill is a foundational part of a more secure cyber ecosystem and helping to prevent malicious actor’s exploiting our government and private sector systems.” said Chris Painter, who formerly served as the State Department's coordinator for cyber issues.
If you want to learn more about federal cybersecurity policies, check out the 2021 Cybersecurity Maturity Model Certification Forum. Click here to register.
