Walden, Thune Want Additional Cyber Vulnerability Disclosure Improvements

Imprecise language within coordinated vulnerability disclosure (CVD) procedures can give industry and the public a false sense of security, House and Senate Commerce Committee leaders wrote the CERT Coordination Center Tuesday. The letter from House Commerce Committee Chairman Greg Walden, R-Ore., and Senate Commerce Committee Chairman John Thune, R-S.D., follows a recent Senate hearing on Spectre and Meltdown vulnerabilities (see 1807110059). Failing to coordinate the CVD process and give timely notice for industry to test patches “extensively before applying them can significantly increase” vulnerability risks, the lawmakers wrote. “CVD remains a complex and constantly evolving concept, and as should be expected from one of this size and scale, the Spectre and Meltdown CVD showed that additional improvements can and should be made.”