Vulnerability disclosure policy bill for federal contractors clears Senate panel | CyberScoop<\/title> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/federal-contractor-cybersecurity-vulnerability-reduction-act-2024\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Vulnerability disclosure policy bill for federal contractors clears Senate panel\"> <meta property=\"og:description\" content=\"The Homeland Security and Governmental Affairs Committee on Wednesday also advanced legislation to strengthen the federal IT supply chain.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/federal-contractor-cybersecurity-vulnerability-reduction-act-2024\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-11-20T18:47:15+00:00\"> <meta property=\"article:modified_time\" content=\"2024-11-20T18:47:18+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel-5.jpg\"> <meta property=\"og:image:width\" content=\"1024\"> <meta property=\"og:image:height\" content=\"683\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"mbracken\"> <meta name=\"twitter:card\" content=\"summary_large_image\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1731444340g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1730999764g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1732010462g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=ddc036fa194c40cf406f\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/82692\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.7\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=82692\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ffederal-contractor-cybersecurity-vulnerability-reduction-act-2024%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ffederal-contractor-cybersecurity-vulnerability-reduction-act-2024%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-82692 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/federal-contractor-cybersecurity-vulnerability-reduction-act-2024\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.747634069401\">\n<div class=\"single-article__header-content\" readability=\"34.434782608696\">\n<p> The Homeland Security and Governmental Affairs Committee on Wednesday also advanced legislation to strengthen the federal IT supply chain. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/82692\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"427\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel.jpg?resize=640%2C427&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel-5.jpg 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel-5.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel-5.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel-5.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel-5.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel-5.jpg?resize=505,337 505w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel-5.jpg?resize=1012,675 1012w\" sizes=\"(max-width: 1012px) 100vw, 1012px\"><figcaption> Sen. Mark Warner, D-Va., speaks during a press conference in Washington, D.C., on March 20, 2018. From left, Sens. John Cornyn, James Lankford, Susan Collins and Richard Burr listen. (NICHOLAS KAMM\/AFP via Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"44.903866248694\"><body readability=\"91.05677480916\"><\/p>\n<p>A bill that would require federal contractors to implement vulnerability disclosure policies that comply with National Institute of Standards and Technology guidelines <a href=\"https:\/\/www.hsgac.senate.gov\/hearings\/business-meeting-27\/\">cleared a key Senate panel Wednesday<\/a>, setting the bipartisan legislation up for a vote before the full chamber.<\/p>\n<p>The Federal Contractor Cybersecurity Vulnerability Reduction Act of 2024 (<a href=\"https:\/\/www.congress.gov\/bill\/118th-congress\/senate-bill\/5028\">S. 5028<\/a>) from Sens. Mark Warner, D-Va., and James Lankford, R-Okla., sailed through the Senate Homeland Security and Governmental Affairs Committee, after a companion bill from Rep. Nancy Mace, R-S.C., <a href=\"https:\/\/mace.house.gov\/media\/press-releases\/rep-maces-federal-cybersecurity-vulnerability-reduction-act-passes-house#:~:text=The%20bill%2C%20which%20was%20introduced,Vulnerability%20Disclosure%20Policies%20(VDP).\">passed the House Oversight Committee<\/a> in May.<\/p>\n<p>The bill from Warner and Lankford would formalize a structure for contractors to receive vulnerability reports about their products and take action against them ahead of an attack. In <a href=\"https:\/\/cyberscoop.com\/federal-contractor-vulnerability-disclosure-policies-senate-bil\/\">announcing the legislation in August<\/a>, Warner said that vulnerability disclosure policies, or VDPs, \u201care a crucial tool used to proactively identify and address software vulnerabilities,\u201d and that this bill would \u201cbetter protect our critical infrastructure and sensitive data from potential attacks.\u201d<\/p>\n<p>Federal law mandates that civilian federal agencies have VDPs, but no standard currently exists for federal contractors. The legislation would require contractors to accept, assess and manage any vulnerability reports that they receive.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The legislation was previously touted by cyber firms including Palo Alto Networks and HackerOne. In a statement provided to CyberScoop on Wednesday, Ilona Cohen, HackerOne\u2019s chief legal and policy officer, said \u201cthe overwhelming bipartisan support in both the Senate and House\u201d of the bill \u201cprovides additional momentum for enacting this legislation as part of this year\u2019s\u201d National Defense Authorization Act.<\/p>\n<p>The bill was <a href=\"https:\/\/www.warner.senate.gov\/public\/_cache\/files\/3\/f\/3f6625dc-09b1-4cf1-809a-015a3baf3718\/B66CD4E645A5A5730A15B0C90F3E6989.federal-contractor-cybersecurity-vulnerability-reduction-act-one-pager.pdf\">written in part<\/a> as a response to the <a href=\"https:\/\/cyberscoop.com\/tag\/opm-breach\/\">2015 Office of Personnel Management data breach<\/a>, in which vulnerabilities in systems used by two contractors that stored data on federal employee background checks were exploited. <\/p>\n<p>\u201cFederal agencies have made significant progress in implementing vulnerability disclosure policies,\u201d Cohen said. \u201cThis legislation will address a gap in our nation\u2019s cybersecurity defenses by requiring contractors to adopt this best practice to protect government information and personal data.\u201d<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-other-cyber-bills-move-forward\"><strong>Other cyber bills move forward<\/strong><\/h2>\n<p>Days after Sens. Gary Peters, D-Mich., and Mike Rounds, R-S.D., introduced legislation to <a href=\"https:\/\/cyberscoop.com\/federal-acquisition-security-council-improvement-act-supply-chain-security\/\">strengthen oversight powers of an interagency federal council<\/a> charged with securing the government\u2019s IT supply chain, the bill cleared HSGAC and now awaits a full Senate vote.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The Federal Acquisition Security Council Improvement Act of 2024 (<a href=\"https:\/\/www.congress.gov\/bill\/118th-congress\/senate-bill\/5310\">S. 5310<\/a>) from Peters, who chairs HSGAC, and Rounds, a member of the Senate Intelligence Committee, seeks to combat security threats posed by technology products made by companies with ties to foreign adversaries, particularly China. <\/p>\n<p>The legislation, a companion to a <a href=\"https:\/\/fedscoop.com\/federal-acquisition-security-council-would-get-teeth-under-bipartisan-house-bill\/\">House bill<\/a> introduced in September, would give the Office of the National Cyber Director leadership authorities over the Federal Acquisition Security Council, which is currently overseen by the Office of Management and Budget.<\/p>\n<p>The bill also aims to push the FASC to pursue orders to block the use of technologies that may threaten national security \u2014 something the council hasn\u2019t done in its six years of existence. The legislation would establish a process to allow Congress to initiate investigations into potentially risky tech, with the FASC then ordering a ban on government purchases of that product or a ban on products from the company in question. <\/p>\n<p>Two pieces of cybersecurity workforce legislation also cleared the Senate panel Wednesday: the DHS Cybersecurity On-the-Job Training Program Act (<a href=\"https:\/\/www.congress.gov\/bill\/118th-congress\/house-bill\/3208\/cosponsors\">H.R. 3208<\/a>) and the DHS Cybersecurity Internship Program Act (<a href=\"https:\/\/www.govinfo.gov\/app\/details\/BILLS-118s5321is\">S. 5321<\/a>). Both bills would amend the Homeland Security Act of 2002. <\/p>\n<p>The first bill, introduced last year by Rep. Sheila Jackson Lee, D-Texas, directs DHS to develop a program to train agency workers on cyber-related matters at the department. The second bill, from Peters and <a href=\"https:\/\/www.congress.gov\/bill\/118th-congress\/house-bill\/9689\/cosponsors\">Rep. Yvette Clarke, D-N.Y.<\/a>, would create a paid cybersecurity internship program within DHS.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"4.1300675675676\">\n<div class=\"author-card\" readability=\"15\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel-1.jpg?w=640&ssl=1\" alt=\"Matt Bracken\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Bracken<\/h4>\n<p> Matt Bracken is the managing editor of FedScoop and CyberScoop, overseeing coverage of federal government technology policy and cybersecurity. Before joining Scoop News Group in 2023, Matt was a senior editor at Morning Consult, leading data-driven coverage of tech, finance, health and energy. He previously worked in various editorial roles at The Baltimore Sun and the Arizona Daily Star. You can reach him at matt.bracken@scoopnewsgroup.com. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<div class=\"popular-stories__stories\">\n<div class=\"popular-stories__cards\">\n<article class=\"post-item post-item--popular-stories-cards \" readability=\"20.921052631579\">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/federal-acquisition-security-council-improvement-act-supply-chain-security\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"505\" height=\"337\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel-2.jpg?resize=505%2C337&ssl=1\" class=\"attachment-ratio-16-9-md size-ratio-16-9-md wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel-6.jpg 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel-6.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel-6.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel-6.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel-6.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel-6.jpg?resize=505,337 505w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel-6.jpg?resize=1012,675 1012w\" sizes=\"auto, (max-width: 505px) 100vw, 505px\"> <\/a><figcaption class=\"screen-reader-text\"> Sen. Gary Peters, D-Mich., speaks during a Senate Homeland Security and Governmental Affairs Committee hearing on March 25, 2021 on Capitol Hill in Washington, D.C. (Photo by Astrid Riecken\/Getty Images) <\/figcaption><\/figure>\n<header class=\"post-item__meta\" readability=\"1.7663551401869\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/federal-acquisition-security-council-improvement-act-supply-chain-security\/\"> Bipartisan Senate bill targets supply chain threats from foreign adversaries <\/a> <\/h3>\n<p> The bill would strengthen oversight powers for the body charged with investigating IT products from China and other foes. <\/p>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/matt-bracken\/\"> Matt Bracken <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<article class=\"post-item post-item--popular-stories-cards \">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/nist-artificial-intelligence-vulnerability-reporting-congress\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"252\" height=\"168\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel-3.jpg?resize=252%2C168&ssl=1\" class=\"attachment-ratio-16-9-sm size-ratio-16-9-sm wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel-7.jpg 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel-7.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel-7.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel-7.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel-7.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel-7.jpg?resize=505,337 505w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel-7.jpg?resize=1012,675 1012w\" sizes=\"auto, (max-width: 252px) 100vw, 252px\"> <\/a><figcaption class=\"screen-reader-text\"> Rep. Deborah Ross, D-N.C., speaks during a press conference in Washington, D.C., on June 3, 2024. Legislation from Ross and two colleagues to add AI systems to the National Vulnerability Database cleared a House panel on Sept. 25, 2024. (Photo by ALLISON BAILEY\/Middle East Images\/AFP via Getty Images) <\/figcaption><\/figure>\n<header class=\"post-item__meta\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/nist-artificial-intelligence-vulnerability-reporting-congress\/\"> House panel moves bill that adds AI systems to National Vulnerability Database <\/a> <\/h3>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/derek-johnson\/\"> Derek B. Johnson <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<article class=\"post-item post-item--popular-stories-cards \">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/exclusive-house-homeland-security-chair-releases-pushes-forth-cyber-workforce-bill\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"252\" height=\"168\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel-4.jpg?resize=252%2C168&ssl=1\" class=\"attachment-ratio-16-9-sm size-ratio-16-9-sm wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel-8.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel-8.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel-8.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel-8.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel-8.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel-8.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel-8.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel-8.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel-8.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/11\/vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel-8.jpg?resize=1265,843 1265w\" sizes=\"auto, (max-width: 252px) 100vw, 252px\"> <\/a><figcaption class=\"screen-reader-text\"> Rep. Mark Green, R-Tenn., chairman of the House Homeland Security Committee, arrives before the start of a House Homeland Security Committee hearing on Jan. 10. (Photo by Kent Nishimura\/Getty Images) <\/figcaption><\/figure>\n<header class=\"post-item__meta\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/exclusive-house-homeland-security-chair-releases-pushes-forth-cyber-workforce-bill\/\"> Exclusive: House Homeland Security chair releases, pushes forth cyber workforce bill <\/a> <\/h3>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/tim-starkscyberscoop-com\/\"> Tim Starks <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/federal-contractor-cybersecurity-vulnerability-reduction-act-2024\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Vulnerability disclosure policy bill for federal contractors clears Senate panel<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1126,1265,3151,439,2468,703,2759],"tags":[1128,1267,3152,443,2470,705,2760],"class_list":["post-6335","post","type-post","status-publish","format-standard","hentry","category-cyber-workforce","category-cybersecurity-workforce","category-it-supply-chain","category-policy","category-vdp","category-vulnerability-disclosure","category-vulnerability-reporting","tag-cyber-workforce","tag-cybersecurity-workforce","tag-it-supply-chain","tag-policy","tag-vdp","tag-vulnerability-disclosure","tag-vulnerability-reporting"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cyber-workforce\/\" rel=\"category tag\">cyber workforce<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-workforce\/\" rel=\"category tag\">cybersecurity workforce<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/it-supply-chain\/\" rel=\"category tag\">IT supply chain<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/policy\/\" rel=\"category tag\">Policy<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vdp\/\" rel=\"category tag\">vdp<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability-disclosure\/\" rel=\"category tag\">vulnerability disclosure<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability-reporting\/\" rel=\"category tag\">vulnerability reporting<\/a>","tag_info":"vulnerability reporting","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/6335","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=6335"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/6335\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=6335"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=6335"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=6335"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":6335,"date":"2024-11-20T12:47:15","date_gmt":"2024-11-20T18:47:15","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=82692"},"modified":"2024-11-20T12:47:15","modified_gmt":"2024-11-20T18:47:15","slug":"vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/11\/20\/vulnerability-disclosure-policy-bill-for-federal-contractors-clears-senate-panel\/","title":{"rendered":"Vulnerability disclosure policy bill for federal contractors clears Senate panel"},"content":{"rendered":"