
H.R. 6735 - To direct the Secretary of Homeland Security to establish a vulnerability disclosure policy for Department of Homeland Security internet websites, and for other purposes.

Introduced: 2018-09-07
Bill Status: Referred to the House Committee on Homeland Security.
 

Full Text


115th CONGRESS
2d Session
H. R. 6735


    To direct the Secretary of Homeland Security to establish a vulnerability disclosure policy for Department of Homeland Security internet websites, and for other purposes.


IN THE HOUSE OF REPRESENTATIVES

September 7, 2018

    Mr. McCarthy (for himself, Mr. Hurd, Mr. Langevin, and Mr. Ratcliffe) introduced the following bill; which was referred to the Committee on Homeland Security


A BILL

    To direct the Secretary of Homeland Security to establish a vulnerability disclosure policy for Department of Homeland Security internet websites, and for other purposes.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. Department of Homeland Security disclosure of security vulnerabilities.

(a) Vulnerability disclosure policy.—The Secretary of Homeland Security shall establish a policy applicable to individuals, organizations, and companies that report security vulnerabilities on Department of Homeland Security public internet websites that shall include—

(1) the information technology to which the policy applies;

(2) the conditions under which parties may legally operate to discover and report security vulnerabilities;

(3) how individuals, organizations, and companies should disclose discovered security vulnerabilities to the Department;

(4) the communication that parties that report security vulnerabilities should expect from the Department; and

(5) how the Department will disclose, or how parties that report security vulnerabilities may disclose, reported security vulnerabilities.

(b) Remediation process.—The Secretary shall develop a process for the Department of Homeland Security to address how the Department will mitigate or remediate security vulnerabilities reported through the policy developed in subsection (a).

(c) Consultation.—In developing the security vulnerability disclosure policy under subsection (a), the Secretary shall consult with—

(1) the Attorney General regarding how to ensure that individuals, organizations, and companies that comply with the requirements of the policy developed under subsection (a) are protected from prosecution under section 1030 of title 18, United States Code, civil lawsuits, and similar provisions of law with respect to specific activities authorized under the policy;

(2) the Secretary of Defense and the Administrator of General Services regarding lessons that may be applied from existing vulnerability disclosure programs; and

(3) non-governmental security researchers.

(d) Public availability.—The Secretary shall make the policy developed under subsection (a) publicly available.

(e) Submission to Congress.—

(1) Not later than 90 days after the date of the enactment of this Act, the Secretary shall submit to Congress the policy required under subsection (a) and the remediation process required under subsection (b).

(2) Not later than one year after creating the policy required under subsection (a) the Secretary shall submit a report to Congress, and annually thereafter for each of the next three years, the Secretary shall brief Congress with the following information with respect to the policy required under subsection (a) and the process required under subsection (b):

(A) the number of unique security vulnerabilities reported;

(B) the number of previously unknown security vulnerabilities mitigated or remediated;

(C) the number of unique parties that reported security vulnerabilities; and

(D) the average length of time between the reporting of security vulnerabilities and mitigation or remediation of such vulnerabilities.

(f) Definitions.—In this section—

(1) the term “security vulnerability” has the meaning given that term in section 1501 of title 6, United States Code, in information technology; and

(2) the term “information system” has the meaning given that term by section 3502 of title 44, United States Code.

