January 18, 2020

siliconANGLE: Draft Directive would force federal agencies to adopt vulnerability disclosure policies

Learn more. 

Acceptto's principal architect chimes in on the FTC and DOJ topics on the new cybersecurity directive.

“It has been proven time and time again that proper disclosure of vulnerabilities is one of the best deterrents to security breaches,” Hatch explained. “Having a vulnerability disclosure policy has long been a standard expected of software companies and extending this from a government perspective will greatly assist and enhance corporations’ awareness around proper disclosure.”

Fausto Oliveira, principal security architect at Cognitive Continuous Authentication provider Acceptto Corp., said that in the past, the Federal Trade Commission and the Department of Justice have encouraged organizations to adopt a Vulnerability Disclosure Policy.

“However, it was merely a recommendation without making a mandatory activity,” Oliveira said. “Without making it a mandatory activity, there will continue to be doubts as to what impact it would have. With this new directive, we are seeing a push to have it made compulsory which will force federal agencies to start researching how a Vulnerability Disclosure Policy would work and how their assets can be categorized inside the context of this policy.”

Read the full article at siliconANGLE.com website.

 

cybersecurity draft directive silicon angle homeland security