Does Homeland Security Need to Let the Public Report Vulnerabilities on its Websites? (H.R. 6735)
What is H.R. 6735?
(Updated October 5, 2018)
This bill — the Public-Private Cybersecurity Cooperation Act — would require the Dept. of Homeland Security (DHS) to establish a policy for reporting, mitigating, and remediating security vulnerabilities on DHS websites within 90 days. The policy would have to take into account the information technology that it applies to, the conditions under which individuals or organizations can legally discover and report vulnerabilities, and the process for disclosing the flaws. Under current law, there is no legal avenue for people to report vulnerabilities found on DHS websites.
In developing its policy, DHS would be required to consult with the Dept. of Defense, which established its own vulnerability disclosure program, as well as the Justice Dept., the General Services Administration, and non-governmental security researchers. Additionally, the bill would require DHS to report to Congress regarding the development and effectiveness of the bug bounty program.
Argument in favor
Cyber vulnerability disclosure programs are a proven way to find and fix security vulnerabilities on government websites, and this bipartisan bill would create such a program in the Dept. of Homeland Security.
Argument opposed
The Dept. of Homeland Security shouldn’t have to resort to using a reporting program to fix security vulnerabilities in its websites, even if such programs have helped the Dept. of Defense.
Impact
Participants in the cyber vulnerability program; DHS and the agencies or entities it would consult with in developing its program; and Congress.
Cost of H.R. 6735
A CBO cost estimate is unavailable.
Additional Info
In-Depth: House Majority Leader Kevin McCarthy (R-CA) introduced this bill to create a DHS cyber vulnerability policy based on the DOD’s Vulnerability Disclosure Policy. That policy allows individuals and organizations to submit vulnerabilities found on DOD websites through an online portal, and it improved DOD’s understanding of its public-facing cyber risks.
This legislation passed the House Homeland Security Committee unanimously and has the support of three cosponsors, including two Republicans and one Democrat.
Summary by Eric Revell
(Photo Credit: iStock.com / PeopleImages)