WASHINGTON, DC - The House Energy and Commerce Committee, chaired by Rep. Greg Walden (R-OR), today released a white paper detailing the committee’s investigation and recommendations regarding coordinated vulnerability disclosure (CVD) cybersecurity practices.
The committee offers two main recommendations to support public and private sector organizations in their adoption of CVD programs as part of their cybersecurity risk management strategies.
1. Congress should explore ways to clarify the differences between “hacking" and CVD practices, to incentivize organizations to adopt CVD programs, and to offer protections to CVD participants who perform CVDs in accordance with modern best practices.
2. Congress should explore ways to encourage federal agencies and private sector stakeholders to address and minimize the negative public responses to CVDs.
The white paper concludes, “The growth of the Internet and connected technologies comes with an inescapable increase in the complexity and vulnerability of modern systems. These risks are shared across all facets and sectors of society, and no one organization is truly capable of managing these risks on its own.
“The nature of our modern connected society requires collaboration, and thus-as recent years have manifestly demonstrated-CVD remains one of the most valuable, effective methods for embracing that collaboration and facing those risks. Consequently, Congress, the rest of the federal government, the private sector, and third-parties should all find ways to support and adopt CVD."
