Vulnerability disclosure policy bill for federal contractors clears Senate panel

The Homeland Security and Governmental Affairs Committee on Wednesday also advanced legislation to strengthen the federal IT supply chain.

The post Vulnerability disclosure policy bill for federal contractors clears Senate panel appeared first on CyberScoop.

Continue reading Vulnerability disclosure policy bill for federal contractors clears Senate panel

Vulnerability disclosure policy bill for federal contractors clears Senate panel

The Homeland Security and Governmental Affairs Committee on Wednesday also advanced legislation to strengthen the federal IT supply chain.

The post Vulnerability disclosure policy bill for federal contractors clears Senate panel appeared first on CyberScoop.

Continue reading Vulnerability disclosure policy bill for federal contractors clears Senate panel

Vulnerability disclosure policies eyed for federal contractors in Senate bill

The legislation from Sens. Warner and Lankford would require federal contractors to adhere to NIST’s guidelines on VDPs.

The post Vulnerability disclosure policies eyed for federal contractors in Senate bill appeared first on CyberScoop.

Continue reading Vulnerability disclosure policies eyed for federal contractors in Senate bill

Lawmaker Wants Federal Contractors to Have Vulnerability Disclosure Policies 

Congresswoman Nancy Mace has introduced a bill that would require federal contractors to have a Vulnerability Disclosure Policy (VDP).
The post Lawmaker Wants Federal Contractors to Have Vulnerability Disclosure Policies  appeared first on SecurityWeek.
Continue reading Lawmaker Wants Federal Contractors to Have Vulnerability Disclosure Policies 

Empowering the next generation of Android Application Security Researchers

Posted by Jon Bottarini, Security Program Manager & Lena Katib, Strategic Partnerships ManagerThe external security researcher community plays an integral role in making the Google Play ecosystem safe and secure. Through this partnership with the commu… Continue reading Empowering the next generation of Android Application Security Researchers

How the Pandemic is Reshaping the Bug-Bounty Landscape

Bugcrowd Founder Casey Ellis talks about COVID-19’s impact on bug bounty hunters, bug bounty program adoption and more. Continue reading How the Pandemic is Reshaping the Bug-Bounty Landscape

Grindr’s Bug Bounty Pledge Doesn’t Translate to Security

At SAS@Home, Luta Security CEO Katie Moussouris stressed that bug bounty programs aren’t a ‘silver bullet’ for security teams. Continue reading Grindr’s Bug Bounty Pledge Doesn’t Translate to Security

It’s No ‘Giggle’: Managing Expectations for Vulnerability Disclosure

Vulnerability-disclosure policies (VDPs), if done right, can help provide clarity and clear guidelines to both bug-hunters and vendors when it comes to going public with security flaws. Continue reading It’s No ‘Giggle’: Managing Expectations for Vulnerability Disclosure

Facebook Debuts Third-Party Vulnerability Disclosure Policy

If the social-media behemoth finds a bug in another platform’s code, the project has 90 days to remediate before Facebook goes public. Continue reading Facebook Debuts Third-Party Vulnerability Disclosure Policy