"Bipartisan Bill to Tighten Vulnerability Disclosure Rules for Federal Contractors"

US senators Mark R. Warner and James Lankford over the weekend announced the introduction of a bipartisan bill seeking tighter vulnerability disclosure rules for federal contractors. Referred to as the Federal Contractor Cybersecurity Vulnerability Reduction Act of 2024, the legislation aims to mitigate the impact of cyberattacks by requiring federal contractors to adhere to the vulnerability disclosure guidelines set by the National Institute of Standards and Technology (NIST). Specifically, the bill would require the Office of Management and Budget (OMB) to oversee updates to the Federal Acquisition Regulation (FAR) that would require federal contractors to implement vulnerability disclosure policies (VDPs) in line with the requirements already placed on federal agencies. The Secretary of Defense would be required to oversee corresponding updates to the Defense Federal Acquisition Regulation Supplement (DFARS) contract requirements so that defense contractors implement similar policies. In short, the legislation would require federal contractors to maintain a VDP and a formal process for accepting, assessing, and managing vulnerability reports, with the goal of reducing the number of known but unaddressed security bugs in contractor systems.


SecurityWeek reports: "Bipartisan Bill to Tighten Vulnerability Disclosure Rules for Federal Contractors"

Submitted by Adam Ekwall on