Does Homeland Security Need to Let the Public Report Vulnerabilities on its Websites? (H.R. 6735)
What is H.R. 6735?
(Updated October 5, 2018)
This bill — the Public-Private Cybersecurity Cooperation Act — would require the Dept. of Homeland Security (DHS) to establish, within 90 days, a policy for reporting, mitigating, and remediating security vulnerabilities on DHS websites. The policy would have to take into account the information technology that it applies to, the conditions under which individuals or organizations can legally discover & report vulnerabilities, and the process for disclosing the flaws. Under current law, there is no legal avenue for people to report vulnerabilities found on DHS websites.
In developing its policy, DHS would be required to consult with the Dept. of Defense, which has established its own vulnerability disclosure program, as well as the Justice Dept., the General Services Administration, and non-governmental security researchers. Additionally, the bill would require DHS to report to Congress regarding the development and effectiveness of the bug bounty program.
Argument in favor
Cyber vulnerability disclosure programs are a proven way to find and fix security vulnerabilities on government websites, and this bipartisan bill would create such a program in the Dept. of Homeland Security.
Argument opposed
The Dept. of Homeland Security shouldn’t have to resort to using a reporting program to fix security vulnerabilities in its websites, even if such programs have helped the Dept. of Defense.
Impact
Participants in the cyber vulnerability program; DHS and the agencies or entities it would consult with in developing its program; and Congress.
Cost of H.R. 6735
A CBO cost estimate is unavailable.
Additional Info
In-Depth: House Majority Leader Kevin McCarthy (R-CA) introduced this bill to create a DHS cyber vulnerability policy based on the DOD’s Vulnerability Disclosure Policy that allows individuals and organizations to submit vulnerabilities found on DOD websites through an online portal, which improved DOD’s understanding of its public-facing cyber risks.
This legislation passed the House Homeland Security Committee unanimously and has the support of three cosponsors, including two Republicans and one Democrat.
Summary by Eric Revell
(Photo Credit: iStock.com / PeopleImages)