Legislation that would require the implementation of vulnerability disclosure policies (VDPs) across all federal contractors was approved by the U.S. House of Representatives earlier this week, according to SC Media.

The bill — which also mandates the Office of Management and Budget recommend updated contract requirements and VDP language based on a Federal Acquisition Regulation review — has long been supported by the cybersecurity sector, with a group including Microsoft, HackerOne, Bugcrowd, and others noting its benefits in protecting critical systems.

Oasis Security's Head of Research Elad Luz said implementing VDPs is crucial for bolstering security researchers.

However, combating state-backed cyber threats requires more than just compliance with vulnerability disclosures, said Approov CEO Ted Miracco. "To be truly effective, FAR requirements must be updated to address known weakness by including requirements for app attestation, API protections, and continuous validation. Federal contractors need real security solutions — not just regulatory checkboxes — to defend critical infrastructure against evolving attacks," Miracco added.