WASHINGTON, DC - Bicameral leaders today sent a letter to the CERT Coordination Center (CERT-CC) following up on concerns raised about coordinated vulnerability disclosure (CVD) practices amid the Spectre and Meltdown cybersecurity vulnerabilities.
House Energy and Commerce Committee Chairman Greg Walden (R-OR) and Senate Commerce, Science, and Transportation Committee Chairman John Thune (R-SD) today wrote to CERT-CC about the coordination of the CVD process and other issues involving imprecise language that could give both companies and users a false sense of security. The House Energy and Commerce Committee and Senate Commerce Committee initially sent letters to affected companies on the public disclosure of the Spectre and Meltdown chip vulnerabilities earlier this year.
“Failure to adequately coordinate the CVD process and provide timely notice to companies that need to test patches extensively before applying them can significantly increase the risks associated with the vulnerabilities,” wrote Walden and Thune.
The leaders continued, “CVD remains a complex and constantly evolving concept, and as should be expected from one of this size and scale, the Spectre and Meltdown CVD showed that additional improvements can and should be made.”