Back in May, Rep Lieu introduced HR 3608, the Improving Contractor Cybersecurity Act. The bill amends 41 USC by adding a new §4715, Vulnerability disclosure policy and program required. It would require all federal information technology contractors to maintain a vulnerability disclosure policy and program.
Lieu is not a member of the House Oversight and Reform Committee to which this bill was assigned for consideration. This means that the Committee is unlikely to take up this bill. I suspect that there would be substantial opposition to this bill from business interests supported by Republican members of the House, and frankly many Democratic members as well. If the bill were considered in Committee, I would not be surprised if there were insufficient votes to see it adopted as introduced.
For a more detailed analysis of the bill requirements and my
observations on the problems with the language, see my analysis at CFSN Detailed
Analysis - https://patrickcoyle.substack.com/p/hr-3608-introduced
- subscription required.
No comments:
Post a Comment