A vulnerability is a weakness which allows a cyber attacker to compromise a computer system’s information assurance.
As you can imagine, a vulnerability left alone can bring a production system to its knees, costing a company millions upon millions of dollars. The sooner we, as a company, know about vulnerabilities that can affect us, the better. Knowing sooner allows software manufacturers to develop and deploy patches more quickly.
Legislation announced last week by a joint group of House and Senate Democrats and Republicans seems to be the first response to the “ransomware” outbreak that occurred globally. It is believed that the attack was initiated by a National Security Agency (NSA) hacking tool. The bill, referred to as the “PATCH Act,” makes permanent the current Vulnerabilities Equities Process, the process that determines when the government tells us about software vulnerabilities.
Senators Brian Schatz (D-HI), Ron Johnson (R-WI) and Cory Gardner (R-CO) as well as Representatives Ted Lieu (D-CA) and Blake Farenthold (R-TX), introduced the Protecting Our Ability to Counter Hacking (“PATCH”) Act.
Currently, not all vulnerabilities are shared with the Vulnerabilities Equities Process, and certain vulnerabilities are guarded.
The following statement can be attributed to Andi Wilson, Policy Analyst at New America’s Open Technology Institute:
“One of the most critical components of a strong vulnerabilities review process is that it apply to absolutely all vulnerabilities in the government’s possession, not just the ones that the intelligence community chooses to put into the process. The PATCH Act presents an opportunity to make vulnerabilities review consistent and transparent, assuring government stakeholders, companies, and the American people that a clear set of rules is being used to decide whether vulnerabilities should be disclosed. Given the very real cybersecurity concerns of nondisclosure, it is imperative that steps be taken to improve the process for vulnerabilities review, and legislation like the PATCH Act is crucial in establishing confidence and trust in that process. OTI strongly supports the PATCH Act sponsors’ efforts to address the cybersecurity risk posed by government-stockpiled vulnerabilities, and thanks Senators Schatz and Johnson for their leadership on this issue.”
Cyber-attacks continue to be a significant threat to companies. It is nice to know the House and Senate are becoming aware.