Over the weekend a bipartisan bill seeking tighter vulnerability disclosure rules for federal contractors was announced. Referred to as the Federal Contractor Cybersecurity Vulnerability Reduction Act of 2024, the legislation is aimed at mitigating the impact of cyberattacks by requiring federal contractors to adhere to the vulnerability disclosure guidelines set by the National Institute of Standards and Technology (NIST). Organizations that have implemented Vulnerability Disclosure Policies (VDPs) give researchers a means to submit reports of vulnerabilities in their software products, so that the issues can be addressed before they are exploited in attacks. Receiving vulnerability reports, the senators argue, allows developers and service providers to become aware of issues; yet federal contractors are not currently required to have VDPs, whereas civilian federal agencies are.

