Today, Senators Brian Schatz (D-HI), Ron Johnson (R-WI) and Cory Gardner (R-CO), along with Representatives Ted Lieu (D-CA) and Blake Farenthold (R-TX), introduced the Protecting Our Ability to Counter Hacking (“PATCH”) Act.
The bill requires the Executive Branch to establish a Vulnerabilities Equities Review Board to oversee the government’s disclosure of vulnerabilities in information technology products and systems that are not publicly known. Public Knowledge commends these legislators for introducing a bill to address the government’s approach to disclosing hardware and software vulnerabilities.
The following can be attributed to Megan Stifel, Cybersecurity Policy Director at Public Knowledge:
“The government is charged with advancing cybersecurity and carrying out law enforcement and national security missions. In pursuing these responsibilities, the government must decide whether to expeditiously disclose the vulnerabilities it becomes aware of to enable mitigation or retain them to further a law enforcement or intelligence investigation.
“We thank these legislators for leading this effort to foster greater transparency and accountability on the cybersecurity policy challenge of software and hardware vulnerabilities. We welcome this bill and similar efforts to enhance trust in the internet and internet-enabled devices.”
Members of the media may contact Communications Director Shiva Stella with inquiries, interview requests, or to join the Public Knowledge press list at firstname.lastname@example.org or 405-249-9435.