The legislation adds requirements for the Department of Homeland Security to report to Congress on its process and policies throughout the evaluation of vulnerable information.
Legislation approved by House lawmakers on Tuesday introduced new oversight in the process of disclosing and reporting of cyber vulnerabilities. The legislation adds requirements for the Department of Homeland Security to report to Congress on its process and policies throughout the evaluation of vulnerable information.
The Department of Homeland Security has a role in the Vulnerabilities Equities Policy and Process (VEP), a charter passed to meet the demands for increased transparency and discussion around risk of information exploitation. The increased required reports have been « widely viewed as a step forward for transparency, » the Hill reports.
Previous legislation has only required the Department of Homeland Security to share cybersecurity threat information with private entities. The Department of Homeland Security cleared the new legislation last July, agreeing to share cybersecurity risks with Congress.
In November of 2017, the White House passed the charter outlining the role of VEP. The process measures the risk associated with vulnerability information submitted by different government department or agency entities. The process evaluates the « legitimate advantages and disadvantages to disclosing vulnerabilities, » and discloses potential consequences of information exploitation.