SecurityWeek reports that federal contractors would be subject to more stringent vulnerability disclosure rules established by the National Institute of Standards and Technology under new bipartisan legislation introduced by Sens. Mark Warner, D-Va., and James Lankford, R-Okla., in a bid to curb increasingly damaging cyberattacks.
Under the bill, the Office of Management and Budget and the Defense Secretary would update the Federal Acquisition Regulation and the Defense Federal Acquisition Regulation Supplement contract requirements, respectively, to ensure that contractors adopt compliant vulnerability disclosure policies (VDPs). The legislation would place federal contractors on par with federal civilian agencies, which are already required to implement VDPs. "VDPs are a crucial tool used to proactively identify and address software vulnerabilities. This legislation will ensure that federal contractors, along with federal agencies, are adhering to national guidelines that will better protect our critical infrastructure and sensitive data from potential attacks," said Warner.