Senators draft bill to turn government’s vulnerabilities equities process into law

There’s a bill in the works that would codify the U.S. government’s vulnerabilities equities process into law, CyberScoop has learned. The legislation intends to add clarity, transparency and a level of consistency to the VEP, a secretive framework that guides when and if a federal agency will notify a technology firm of an unknown, exploitable software flaw discovered by the U.S. government. The bill is being sponsored by Sen. Brian Schatz, D-Hawaii, and Sen. Ron Johnson, R-Wis. Spokespeople for both senators confirmed the existence of the bill, but would not provide additional details. The VEP has come under fire in recent years due, at least in part, to the exposure of classified material concerning government hacking operations. Exacerbating this situation is the fact that the private sector remains largely in the dark with regard to the VEP’s disclosure criteria and the identity of individuals who sit on its multi-agency review […]

The post Senators draft bill to turn government’s vulnerabilities equities process into law appeared first on Cyberscoop.
