New legislation seeks vulnerability disclosure for federal contractors

Federal contractors would be required to implement vulnerability disclosure policies following the suit of federal agencies under the Federal Cybersecurity Vulnerability Reduction Act proposed by Rep. Nancy Mace, R-S.C., which comes amid mounting federal government efforts to bolster the security of sensitive data in contractor-owned systems, reports FedScoop. Under the new legislation, the Office of Management and Budget and the leaders of the Cybersecurity and Infrastructure Security Agency, the National Institute of Standards and Technology, and the Office of the National Cyber Director will be mandated to provide requirement recommendations to the Federal Acquisition Regulation Council. However, VDP requirements could be waived by chief information officers should they affect national security, according to the bill, which also includes Defense Department responsibilities. HackerOne CEO Marten Mickos has expressed support for the bill. "When federal contractors can effectively address security vulnerabilities, every U.S. citizen will be better protected against cyberattacks," said Mickos.