If passed, executive government agencies may not enter into a contract for IT services unless the contractor maintains a vulnerability disclosure policy that describes the process for vulnerability reporting (i.e., where to send the report, what to include in the report, that an individual can report anonymously), does not limit testing solely to entities approved by the contractor (the public can also search for and report a vulnerability), and provides target timelines for resolving a reported vulnerability.
Federal Bill Aims to Improve Contractor Cybersecurity
