Shortcomings in the industry-led process for disclosing software and hardware bugs could rear their heads again, U.S. senators said Wednesday at a hearing on the Spectre and Meltdown chip flaws. “While these vulnerabilities seemed to have been patched reasonably well, what about the next one? And we might not know about it until it’s too late,” Florida Democrat Bill Nelson said at the Commerce, Science and Transportation Committee hearing. Lawmakers are pondering what can be done to improve the complex vulnerabilities disclosure process, which involves spreading enough word among vendors to address a bug but not so much as to risk leaking information before patches are ready. “We need to consider additional ways to require the federal government’s equipment suppliers to promptly notify [the Department of Homeland Security] of potential breaches or vulnerabilities that could weaken our federal systems,” Sen. Maggie Hassan, D-N.H., said at the hearing. The worry is always that foreign governments […]
The post Senators question vulnerability disclosure process after Spectre and Meltdown stumbles appeared first on Cyberscoop.
Continue reading Senators question vulnerability disclosure process after Spectre and Meltdown stumbles→