{"id":302133,"date":"2024-08-26T14:08:17","date_gmt":"2024-08-26T14:08:17","guid":{"rendered":"https:\/\/www.techopedia.com\/?p=302133"},"modified":"2024-08-26T14:08:17","modified_gmt":"2024-08-26T14:08:17","slug":"exploring-the-u-s-report-a-vulnerability-act-expert-analysis","status":"publish","type":"post","link":"https:\/\/www.techopedia.com\/exploring-the-u-s-report-a-vulnerability-act-expert-analysis","title":{"rendered":"Exploring the U.S. \u2018Report a Vulnerability\u2019 Act: Expert Analysis"},"content":{"rendered":"<p>In 2014 and 2015, two interconnected <a href=\"https:\/\/www.techopedia.com\/definition\/24748\/cyberattack\">cyberattacks<\/a> targeted and breached the U.S. Office of Personnel Management (OPM), a federal agency. Data, including social security numbers of 21.5 million people, were stolen.<\/p>\n<p>Six years later, in 2021, the Colonial Pipeline <a href=\"https:\/\/www.techopedia.com\/definition\/4337\/ransomware\">ransomware<\/a> attack crippled a major fuel pipeline, disrupting supply chains across the Eastern United States and indirectly impacting federal agencies.<\/p>\n<p>And in 2023 the SolarWinds remote <a href=\"https:\/\/www.techopedia.com\/definition\/5484\/trojan-horse\">trojan attack <\/a>affected about 100 organizations, driving a cyberespionage operation that targeted federal agencies and federal contractors.<\/p>\n<p>The list of high-profile cyberattacks that impacted federal agencies is as extensive as it is concerning. In response, the government is pushing for a new vulnerability act that would mandate all federal contractors \u2014 vital contributors to the federal government supply chain \u2014 to deploy and maintain Vulnerability Disclosure Programs (VDPs).<\/p>\n<div class=\"su-note\"  style=\"border-color:#dddddd;border-radius:3px;-moz-border-radius:3px;-webkit-border-radius:3px;\"><div class=\"su-note-inner su-u-clearfix su-u-trim\" style=\"background-color:#f7f7f7;border-color:#ffffff;color:#333333;border-radius:3px;-moz-border-radius:3px;-webkit-border-radius:3px;\">\n<h2><span id=\"key_takeaways\">Key Takeaways<\/span><\/h2>\n<ul>\n<li>Vulnerability Disclosure Programs (VDPs) are essential for cybersecurity \u2014 but federal contractors face increased cybersecurity responsibilities<\/li>\n<li>The new U.S. legislation will mandate the deployment and management of VDPs for federal contractors.<\/li>\n<li>This is a shift towards a more proactive approach to addressing cyber threats.<\/li>\n<li>Our experts work out the nuances and effects of the new legislation.<\/li>\n<\/ul>\n<\/div><\/div>\n<div>\n    <section class=\"toc-sticky w-100 bg-white \">\n        <div class=\"toc-sticky__container container\">\n            <div class=\"toc-sticky__open d-flex align-items-end\" data-bs-toggle=\"collapse\"\n                 aria-controls=\"multiCollapse1\"\n                 data-bs-target=\"#multiCollapse1\">\n                <button\n                        class=\"btn btn-primary collapse-action-btn p-1 rounded-circle\"\n                        type=\"button\"\n                >\n                    <i class=\"icon-chevron-up\"><\/i>\n                <\/button>\n                <span id=\"toc-current-title\" class=\"d-flex align-items-center\">\n                    Table of Contents\n                <\/span>\n                <span class=\"toc-main-title-permanent\">Table of Contents<\/span>\n            <\/div>\n            <div\n                    class=\"collapse my-3\"\n                    id=\"multiCollapse1\"\n            >\n                <ol class=\"StepProgress\">\n                                                                        <li class=\"StepProgress-item current\">\n                                                <div class=\"StepProgress-item__group\">\n                            <a data-id=\"key_takeaways\"\n                               onclick=handleScrollToTitle(\"key_takeaways\")\n                               class=\"StepProgress-item__link\" data-level=\"2\">Key Takeaways<\/a>\n                                                    <\/div>\n                                                <\/li>\n                                                                        <li class=\"StepProgress-item\">\n                                                <div class=\"StepProgress-item__group\">\n                            <a data-id=\"us_gov_goes_beyond_traditional_security\"\n                               onclick=handleScrollToTitle(\"us_gov_goes_beyond_traditional_security\")\n                               class=\"StepProgress-item__link\" data-level=\"2\">U.S. Gov. Goes Beyond Traditional Security<\/a>\n                                                    <\/div>\n                                                <\/li>\n                                                                        <li class=\"StepProgress-item\">\n                                                <div class=\"StepProgress-item__group\">\n                            <a data-id=\"why_the_new_law_pushes_federal_contractors_not_agencies_to_level_up\"\n                               onclick=handleScrollToTitle(\"why_the_new_law_pushes_federal_contractors_not_agencies_to_level_up\")\n                               class=\"StepProgress-item__link\" data-level=\"2\">Why the New Law Pushes Federal Contractors (not Agencies) to Level Up<\/a>\n                                                    <\/div>\n                                                <\/li>\n                                                                        <li class=\"StepProgress-item\">\n                                                <div class=\"StepProgress-item__group\">\n                            <a data-id=\"is_the_new_act_fair_for_all_companies\"\n                               onclick=handleScrollToTitle(\"is_the_new_act_fair_for_all_companies\")\n                               class=\"StepProgress-item__link\" data-level=\"2\">Is the New Act Fair for All Companies?<\/a>\n                                                    <\/div>\n                                                <\/li>\n                                                                        <li class=\"StepProgress-item\">\n                                                <div class=\"StepProgress-item__group\">\n                            <a data-id=\"voting_machines_government_communication_providers_encryption_services_and_feasibility_of_the_act\"\n                               onclick=handleScrollToTitle(\"voting_machines_government_communication_providers_encryption_services_and_feasibility_of_the_act\")\n                               class=\"StepProgress-item__link\" data-level=\"2\">Voting Machines, Government Communication Providers, Encryption Services, and Feasibility of the Act<\/a>\n                                                    <\/div>\n                                                <\/li>\n                                                                        <li class=\"StepProgress-item\">\n                                                <div class=\"StepProgress-item__group\">\n                            <a data-id=\"the_bottom_line\"\n                               onclick=handleScrollToTitle(\"the_bottom_line\")\n                               class=\"StepProgress-item__link\" data-level=\"2\">The Bottom Line<\/a>\n                                                    <\/div>\n                                                <\/li>\n                                                                        <li class=\"StepProgress-item\">\n                                                <div class=\"StepProgress-item__group\">\n                            <a data-id=\"references\"\n                               onclick=handleScrollToTitle(\"references\")\n                               class=\"StepProgress-item__link\" data-level=\"2\">References<\/a>\n                                                    <\/div>\n                                                <\/li>\n                                    <\/ol>\n                <div class=\"toc-sticky__container__disperse\"><\/div>\n                <div class=\"toc-sticky__btn-top justify-content-center\">\n                    <button class=\"btn btn-link d-flex align-items-center\" onclick={btnTop()}><p>Show Full Guide<\/p><img decoding=\"async\"\n                                src=\"\/wp-content\/plugins\/table-of-contents\/assets\/images\/arrow-up-circle.svg\"\n                                alt=\"arrow-up-circle\">\n                    <\/button>\n                <\/div>\n            <\/div>\n        <\/div>\n    <\/section>\n    <div class=\"toc-sticky-list\">\n        <div class=\"toc-sticky__container container\">\n            <div class=\"toc-sticky__open d-flex align-items-end\" data-bs-toggle=\"collapse\" aria-controls=\"multiCollapse2\" data-bs-target=\"#multiCollapse2\">\n                <button class=\"btn btn-primary collapse-action-btn p-1 rounded-circle\"\n                        type=\"button\">\n                    <i class=\"icon-chevron-up up\"><\/i>\n                <\/button>\n                <span id=\"toc-current-title\" class=\"d-flex align-items-center\">\n                    Table of Contents\n                <\/span>\n            <\/div>\n            <div  class=\"collapse my-3\" id=\"multiCollapse2\">\n                <ol class=\"StepProgress\">\n                    \t\t\t\t\t \t\t\t\t\t                                                     <li class=\"StepProgress-item current \">\n                                                    <div class=\"StepProgress-item__group\">\n                                <a data-id=\"key_takeaways\"\n                                   onclick=handleScrollToTitle(\"key_takeaways\")\n                                   class=\"StepProgress-item__link\"\n                                   data-level=\"2\">Key Takeaways<\/a>\n                                                            <\/div>\n                                                    <\/li>\n                    \t\t\t\t\t \t\t\t\t\t                                                     <li class=\"StepProgress-item \">\n                                                    <div class=\"StepProgress-item__group\">\n                                <a data-id=\"us_gov_goes_beyond_traditional_security\"\n                                   onclick=handleScrollToTitle(\"us_gov_goes_beyond_traditional_security\")\n                                   class=\"StepProgress-item__link\"\n                                   data-level=\"2\">U.S. Gov. Goes Beyond Traditional Security<\/a>\n                                                            <\/div>\n                                                    <\/li>\n                    \t\t\t\t\t \t\t\t\t\t                                                     <li class=\"StepProgress-item \">\n                                                    <div class=\"StepProgress-item__group\">\n                                <a data-id=\"why_the_new_law_pushes_federal_contractors_not_agencies_to_level_up\"\n                                   onclick=handleScrollToTitle(\"why_the_new_law_pushes_federal_contractors_not_agencies_to_level_up\")\n                                   class=\"StepProgress-item__link\"\n                                   data-level=\"2\">Why the New Law Pushes Federal Contractors (not Agencies) to Level Up<\/a>\n                                                            <\/div>\n                                                    <\/li>\n                    \t\t\t\t\t \t\t\t\t\t\n\t\t\t\t\t\t <span class=\"show_moretoc\">Show Full Guide<\/span>\n\t\t\t\t\t\t \t\t\t\t\t \t\t\t\t\t\t  \t\t\t\t\t                                                      <li class=\"StepProgress-item ms_hidetoc\">\n                                                    <div class=\"StepProgress-item__group\">\n                                <a data-id=\"is_the_new_act_fair_for_all_companies\"\n                                   onclick=handleScrollToTitle(\"is_the_new_act_fair_for_all_companies\")\n                                   class=\"StepProgress-item__link\"\n                                   data-level=\"2\">Is the New Act Fair for All Companies?<\/a>\n                                                            <\/div>\n                                                    <\/li>\n                    \t\t\t\t\t \t\t\t\t\t \t\t\t\t\t\t  \t\t\t\t\t                                                      <li class=\"StepProgress-item ms_hidetoc\">\n                                                    <div class=\"StepProgress-item__group\">\n                                <a data-id=\"voting_machines_government_communication_providers_encryption_services_and_feasibility_of_the_act\"\n                                   onclick=handleScrollToTitle(\"voting_machines_government_communication_providers_encryption_services_and_feasibility_of_the_act\")\n                                   class=\"StepProgress-item__link\"\n                                   data-level=\"2\">Voting Machines, Government Communication Providers, Encryption Services, and Feasibility of the Act<\/a>\n                                                            <\/div>\n                                                    <\/li>\n                    \t\t\t\t\t \t\t\t\t\t \t\t\t\t\t\t  \t\t\t\t\t                                                      <li class=\"StepProgress-item ms_hidetoc\">\n                                                    <div class=\"StepProgress-item__group\">\n                                <a data-id=\"the_bottom_line\"\n                                   onclick=handleScrollToTitle(\"the_bottom_line\")\n                                   class=\"StepProgress-item__link\"\n                                   data-level=\"2\">The Bottom Line<\/a>\n                                                            <\/div>\n                                                    <\/li>\n                    \t\t\t\t\t \t\t\t\t\t \t\t\t\t\t\t  \t\t\t\t\t                                                      <li class=\"StepProgress-item ms_hidetoc\">\n                                                    <div class=\"StepProgress-item__group\">\n                                <a data-id=\"references\"\n                                   onclick=handleScrollToTitle(\"references\")\n                                   class=\"StepProgress-item__link\"\n                                   data-level=\"2\">References<\/a>\n                                                            <\/div>\n                                                    <\/li>\n                                    <\/ol>\n            <\/div>\n            <div class=\"toc-sticky__container__disperse\"><\/div>\n        <\/div>\n    <\/div>\n<\/div>\n\n<script id=\"toc-js\">\n    window.addEventListener(\"DOMContentLoaded\", () => {\n        const header = document.querySelector(\".header_wrapper\");\n\n        const pageLegend = document.querySelector('#multiCollapse1');\n        const pageLegendList = document.querySelector('#multiCollapse2');\n        const pageLegendCollapse = new bootstrap.Collapse(pageLegend, {toggle: document.querySelector(\".toc-sticky\").classList.contains('sticky')});\n\n        \/**\n         * Changing current title\n         *\/\n        (function (pageLegend) {\n            const titleNodes = pageLegend.querySelectorAll('.StepProgress-item__link');\n\n            if (!titleNodes.length) return;\n\n            const titles = [...titleNodes].map((itm, i) => ({\n                id: itm.getAttribute('data-id'),\n                text: itm.textContent,\n                level: itm.getAttribute('data-level'),\n                linkNode: itm,\n                titleNode: document.getElementById(itm.getAttribute('data-id')),\n                index: i,\n            }));\n\n            \/**\n             * Source: https:\/\/www.sitepoint.com\/throttle-scroll-events\/\n             * @param {Function} fn\n             * @param {number} wait\n             * @returns {(function(): void)|*}\n             *\/\n            const throttle = (fn, wait) => {\n                let time = Date.now();\n                return function () {\n                    if ((time + wait - Date.now()) < 0) {\n                        fn();\n                        time = Date.now();\n                    }\n                }\n            }\n\n            const changeCurrentTitle = () => {\n                const documentScrollTop = window.pageYOffset || document.documentElement.scrollTop || document.body.scrollTop || 0;\n                let current = 0;\n\n                \/\/ Title\n                titles.forEach((itm, i) => {\n\t\t\t\t\/\/console.log(itm)\n                    const itmOffsetTop = itm.titleNode ? itm.titleNode.offsetTop - 100 : 0;\n\n                    if (documentScrollTop >= itmOffsetTop) {\n                        document.getElementById('toc-current-title').innerHTML = itm.text;\n                        document.getElementById('toc-current-title').setAttribute('data-current-id', itm.id);\n                        document.getElementById('toc-current-title').setAttribute('data-current-level', itm.level);\n                        current = i;\n                    }\n                })\n\n                \/\/ close all list and open sub list if needed\n                if (document.querySelector(\".toc-sticky\").classList.contains('sticky')) {\n                    document.querySelectorAll('.subList-in-progress').forEach((el) => {\n                        el.children[1].classList.remove('show');\n                        el.getElementsByClassName('icon-chevron-down')[0].classList.remove('up');\n                    });\n                    const currentEl = titles[current];\n                    currentEl.linkNode.classList.add('show');\n                }\n\n                titles.forEach((itm, i) => {\n                    itm.linkNode.parentNode.parentNode.classList.remove('current', 'is-done');\n                    if (current > i) {\n                        itm.linkNode.parentNode.parentNode.classList.add('is-done')\n                    };\n                    if (current === i) {\n                      itm.linkNode.parentNode.parentNode.classList.add('current');\n                    };\n                })\n\n            }\n\n            changeCurrentTitle();\n\n            document.addEventListener('scroll', throttle(changeCurrentTitle, 50));\n        })(pageLegend);\n\n\n        \/**\n         *  Collapse\n         *\/\n        (function (pageLegend, header) {\n            const icon = pageLegend.parentNode.querySelector(\".collapse-action-btn i\");\n\n            const collapseToggle = (status) => (e) => {\n                if (!e.target.isEqualNode(pageLegend)) return;\n\n                icon.classList.toggle(\"up\");\n\n                const containerHeight = pageLegend.getBoundingClientRect().height;\n\n                const showSubtitleContent = () => {\n                    const currentId = document.getElementById('toc-current-title').getAttribute('data-current-id');\n                    const currentLevel = document.getElementById('toc-current-title').getAttribute('data-current-level');\n                    const currentSubTitle = currentLevel == 3 ? document.querySelector(`a[data-id=\"${currentId}\"]`).parentNode.parentNode.parentNode : false;\n\n                    if (!currentSubTitle) return;\n                    new bootstrap.Collapse(currentSubTitle, {toggle: false}).show();\n                }\n\n                showSubtitleContent();\n                if (status === 'shown' && document.querySelector(\".toc-sticky\").classList.contains('sticky') ) {\n                    document.querySelector('html').classList.remove('overflow-hidden');\n                    pageLegend.classList.add('overflow-auto');\n                    pageLegend.style.height = `calc(100vh - ${header.getBoundingClientRect().height + document.querySelector('.toc-sticky__open').getBoundingClientRect().height + 16}px)`;\n                } else if (status === 'hide') {\n                    document.querySelector('html').classList.remove('overflow-hidden');\n                    pageLegend.classList.remove('overflow-auto');\n                    pageLegend.style.height = 'auto';\n                }\n            }\n\n            pageLegend.addEventListener('shown.bs.collapse', collapseToggle('shown'));\n            pageLegend.addEventListener('hide.bs.collapse', collapseToggle('hide'));\n        })(pageLegend, header);\n\n        \/**\n         * Collapse sub-titles\n         *\/\n        (function (pageLegend) {\n            const collapseEls = pageLegend.querySelectorAll('.collapse');\n\n            collapseEls.forEach(function (el) {\n\n                const toggleArrowDirection = function (e) {\n                    if (!e.target.isEqualNode(el)) return;\n\n                    const id = this.getAttribute('id');\n                    document.querySelector(`.collapse-action-btn[data-bs-target=\"#${id}\"] .icon-chevron-down`).classList.toggle('up');\n                }\n                el.addEventListener('shown.bs.collapse', toggleArrowDirection);\n                el.addEventListener('hide.bs.collapse', toggleArrowDirection);\n            })\n        })(pageLegend);\n\n        \/**\n         *  Collapse main title\n         *\/\n        (function (pageLegendList) {\n            const icon = pageLegendList.parentNode.querySelector(\".collapse-action-btn i\");\n\n            const collapseToggle = () => (e) => {\n                if (!e.target.isEqualNode(pageLegendList)) return;\n\n                icon.classList.toggle(\"up\");\n\n            }\n            pageLegendList.addEventListener('shown.bs.collapse', collapseToggle());\n            pageLegendList.addEventListener('hide.bs.collapse', collapseToggle());\n        })(pageLegendList);\n\n        (function (pageLegendList) {\n            const collapseEls = pageLegendList.querySelectorAll('.collapse');\n\n            collapseEls.forEach(function (el) {\n\n                const toggleArrowDirection = function (e) {\n                    if (!e.target.isEqualNode(el)) return;\n\n                    const id = this.getAttribute('id');\n                    document.querySelector(`.toc-sticky-list .collapse-action-btn[data-bs-target=\"#${id}\"] .icon-chevron-down`).classList.toggle('up');\n                }\n                el.addEventListener('shown.bs.collapse', toggleArrowDirection);\n                el.addEventListener('hide.bs.collapse', toggleArrowDirection);\n            })\n        })(pageLegendList);\n\n        \/**\n         * Sticky functionality\n         * Source: https:\/\/stackoverflow.com\/questions\/17893771\/javascript-sticky-div-after-scroll\n         *\/\n        (function (header, pageLegendCollapse) {\n            \/\/ set everything outside the onscroll event (less work per scroll)\n            const target = document.querySelector(\".toc-sticky\");\n            const targetListStatic = document.querySelector(\".toc-sticky-list\");\n\n            if (!target || !header) return;\n\n            const headerHeight = header.getBoundingClientRect().height;\n            const targetHeight = targetListStatic.getBoundingClientRect().height;\n\n            \/\/ -headerHeight so it won't be jumpy\n            const stop = targetListStatic.offsetTop + headerHeight + targetHeight;\n            const docBody =\n                document.documentElement || document.body.parentNode || document.body;\n            const hasOffset = window.pageYOffset !== undefined;\n\n            const applySticky = function () {\n                \/\/ cross-browser compatible scrollTop.\n                const scrollTop = hasOffset ? window.pageYOffset : docBody.scrollTop;\n\n                \/\/ if user scrolls to headerHeight from the top of the target div\n                if (scrollTop >= stop) {\n                    pageLegendCollapse.hide();\n                    \/\/ stick the div\n                    target.classList.add(\"sticky\");\n                    \/\/target.style.marginTop = `${headerHeight}px`;\n                } else {\n                    pageLegendCollapse.show();\n                    \/\/ release the div\n                    target.classList.remove(\"sticky\");\n                    target.style.marginTop = \"\";\n                }\n            }\n\n            applySticky();\n\n            window.addEventListener('scroll', applySticky);\n        })(header, pageLegendCollapse);\n\tjQuery('span.show_moretoc').click(function(){\n\t\tjQuery('span.show_moretoc').hide();\n\t   jQuery('.ms_hidetoc').show();\n\t});\n    });\n\n    \/\/ When the user clicks on the button, scroll to the top of the document\n    function btnTop() {\n        const pageLegend = document.querySelector('#multiCollapse1');\n        document.querySelector('html').classList.remove('overflow-hidden');\n        pageLegend.classList.remove('overflow-auto');\n        pageLegend.style.height = 'auto';\n        window.scrollTo({\n            top: 0,\n            behavior: 'smooth'\n        });\n    }\n\n    const handleScrollToTitle = (id) => {\n        const el = document.getElementById(id);\n        const headerHeightDifference = window.innerWidth < 992 ? -30 : -15;\n        window.scrollTo({\n            top: el.offsetTop - 60 - headerHeightDifference - 10,\n        });\n    }\n<\/script>\n\n<h2><span id=\"us_gov_goes_beyond_traditional_security\">U.S. Gov. Goes Beyond Traditional Security<\/span><\/h2>\n<p>On August 9, U.S. senators Mark R. Warner (D-VA) and James Lankford (R-OK) announced the <a href=\"https:\/\/www.warner.senate.gov\/public\/index.cfm\/pressreleases?id=277E9745-B3FA-400B-98D0-4395C1A75B50\" target=\"_blank\">introduction of a bipartisan bill<\/a> seeking tighter vulnerability disclosure rules for federal contractors.<\/p>\n<p>The Federal Contractor Cybersecurity Vulnerability Reduction Act of 2024 aims to mitigate the impact of cyberattacks by requiring federal contractors to adhere to the <a href=\"https:\/\/nvlpubs.nist.gov\/nistpubs\/SpecialPublications\/NIST.SP.800-216.pdf\" target=\"_blank\">vulnerability disclosure guidelines<\/a> set by the National Institute of Standards and Technology (NIST).<\/p>\n<p><a href=\"https:\/\/www.techopedia.com\/definition\/28637\/bug-bounty\">Bug bounty<\/a> programs \u2014 similar to vulnerability disclosure programs but more specifically focused and offering financial rewards \u2014 have become extremely popular among big tech companies like <a href=\"https:\/\/www.techopedia.com\/who-owns-amazon\">Amazon<\/a>, <a href=\"https:\/\/www.techopedia.com\/who-owns-alphabet-stock\">Google<\/a>, <a href=\"https:\/\/www.techopedia.com\/largest-microsoft-shareholders\">Microsoft<\/a>, <a href=\"https:\/\/www.techopedia.com\/definition\/32225\/openai\">OpenAI<\/a>, and many others.<\/p>\n<p>VDPs may not offer financial incentives but allow anyone, not just security researchers, <a href=\"https:\/\/www.techopedia.com\/definition\/16089\/ethical-hacker\">ethical hackers<\/a>, or <a href=\"https:\/\/www.techopedia.com\/definition\/16130\/penetration-testing-pen-testing\">penetration testers<\/a>, to report <a href=\"https:\/\/www.techopedia.com\/definition\/24864\/software-bug\">bugs<\/a> and <a href=\"https:\/\/www.techopedia.com\/definition\/13484\/vulnerability\">vulnerabilities<\/a> that attackers may exploit.<\/p>\n<p>Despite VDP&#8217;s potential, the industry and federal contractors themselves have been slow to capitalize on them due to a poor understanding of how they work, their positive impact, and their costs.<\/p>\n<p>Techopedia spoke with <a href=\"https:\/\/www.linkedin.com\/in\/ilona-cohen-3094b255\" target=\"_blank\"><strong>Ilona Cohen<\/strong><\/a><strong>, Chief Legal and Policy Officer of <\/strong><a href=\"https:\/\/www.hackerone.com\/\" target=\"_blank\"><strong>HackerOne<\/strong><\/a><strong>, <\/strong>to better understand the new Federal Contractor Cybersecurity Vulnerability Reduction Act and why it is important.<\/p>\n<p>Cohen said that the bipartisan legislation addresses a critical gap in the nation&#8217;s cybersecurity protections.<\/p>\n<blockquote><p>&#8220;This proactive approach to security will ensure that businesses are actively protecting government systems, critical infrastructure, and sensitive data from exploitation by malicious actors.<\/p>\n<p>&nbsp;<\/p>\n<p>&#8220;We applaud Senators Warner and Lankford for their leadership on this important issue.&#8221;<\/p><\/blockquote>\n<p><a href=\"https:\/\/www.warner.senate.gov\/public\/_cache\/files\/3\/f\/3f6625dc-09b1-4cf1-809a-015a3baf3718\/B66CD4E645A5A5730A15B0C90F3E6989.federal-contractor-cybersecurity-vulnerability-reduction-act-one-pager.pdf\" target=\"_blank\">In a recent document<\/a> (PDF), Senator Warner said that VDPs provide a way for organizations to receive unsolicited reports of vulnerabilities so that they can be patched.<\/p>\n<p>Receiving reports on suspected security vulnerabilities in information systems is one of the best ways for developers and services to become aware of issues, the Senator said.<\/p>\n<blockquote><p>&#8220;This legislation will ensure that federal contractors, along with federal agencies, are adhering to national guidelines that will better protect our critical infrastructure and sensitive data from potential attacks.&#8221;<\/p><\/blockquote>\n<h2><span id=\"why_the_new_law_pushes_federal_contractors_not_agencies_to_level_up\">Why the New Law Pushes Federal Contractors (not Agencies) to Level Up<\/span><\/h2>\n<p>HackerOne explained to Techopedia that federal agencies have already been mandated and implemented VDP programs. But, not all government contractors have adopted VDPs of their own.<\/p>\n<p>Federal contractors are an integral part of federal supply chains and infrastructure, and they pose a unique security risk given their proximity to government data and access to government networks.<\/p>\n<p>Federal agencies were mandated in 2020 to implement vulnerability disclosure programs through the Office of Management and Budget memorandum M-20-324, and the Department of Homeland Security issued <a href=\"https:\/\/www.cisa.gov\/news-events\/directives\/bod-20-01-develop-and-publish-vulnerability-disclosure-policy\" target=\"_blank\">Binding Operational Directive 20-01.5<\/a>.<\/p>\n<p>Under the Federal Contractor Cybersecurity Vulnerability Reduction Act of 2024, the Office of Management and Budget (OMB) will oversee updates to the Federal Acquisition Regulation (FAR) to <strong>ensure federal contractors implement a vulnerability disclosure policy<\/strong> consistent with what is already required by federal agencies;<\/p>\n<p>Under the law, the Secretary of Defense will also be required to oversee updates to the Defense Federal Acquisition Regulation Supplement (DFARS) contract requirements to ensure that defense contractors implement them.<\/p>\n<p>&#8220;By requiring contractors to establish VDPs, good-faith security researchers can report identified vulnerabilities directly to the contractor, without requiring any additional reporting to a federal agency,&#8221;\u00a0 Senator Warner said.<\/p>\n<h2><span id=\"is_the_new_act_fair_for_all_companies\">Is the New Act Fair for All Companies?<\/span><\/h2>\n<p>Techopedia also spoke with <a href=\"https:\/\/www.linkedin.com\/in\/yakupkalvo\/\" target=\"_blank\"><strong>Jacob Kalvo<\/strong><\/a><strong>, cybersecurity expert and Co-Founder and CEO of <\/strong><a href=\"https:\/\/liveproxies.io\/\" target=\"_blank\"><strong>Live Proxies<\/strong><\/a><strong>, a proxy network provider.\u00a0\u00a0\u00a0<\/strong><\/p>\n<blockquote><p>&#8220;The Federal Contractor Cybersecurity Vulnerability Reduction Act was made on the back of the long trail of high-profile cyberattacks that swept across global domains in the aftermath of epic incidents, such as the SolarWinds breach and the Colonial Pipeline attack.&#8221;<\/p><\/blockquote>\n<p>Kalvo added that these cyberattacks exposed the weaknesses of federal contractors&#8217; supply chains and information systems.<\/p>\n<p>&#8220;These incidents highlighted the need for better cybersecurity measures throughout all civil and military sectors and unmasked failures by contractors to self-detect and self-correct vulnerabilities, being done for exploits by malevolent actors,&#8221; Kalvo said.<\/p>\n<blockquote><p>&#8220;Smaller companies might find it hard to marshal resources to meet these new requirements, creating barriers to entry for small businesses or raising costs for the federal government.&#8221;<\/p><\/blockquote>\n<p>Kalvo warned that rushed and rapid implementation may force quick or incomplete compliance and inadvertently introduce new security vulnerabilities.<\/p>\n<p>&#8220;That will evidently overly weigh on small businesses and startups that hitch their wagons to federal government contracts,&#8221; Kalvo said.<\/p>\n<blockquote><p>&#8220;Though the bill has security intentions, it is likely to impact the smaller contractors more, and this could discourage them from awarding the federal government contracts, or it could make them relatively dependent on third parties in cybersecurity, hence adding to their operational expense.&#8221;<\/p><\/blockquote>\n<p>Additional challenges for federal contractors include restructuring IT and cybersecurity departments to meet the standards of full-fledged VDPs and alignment with NIST guidelines, as well as investment and costs. According to Kalvo, all these roadblocks could end up favoring only a few large companies operating in the market.<\/p>\n<p>&#8220;This is a huge difference for many contractors, especially in the defense sector, where proactive and transparent cybersecurity practices mean not only financial investment but also a considerable cultural shift.&#8221;<\/p>\n<h2><span id=\"voting_machines_government_communication_providers_encryption_services_and_feasibility_of_the_act\">Voting Machines, Government Communication Providers, Encryption Services, and Feasibility of the Act<\/span><\/h2>\n<p><a href=\"https:\/\/www.linkedin.com\/in\/jschmidt-bpm\/\" target=\"_blank\"><strong>Josh Schmidt<\/strong><\/a><strong> of <\/strong><a href=\"https:\/\/www.bpm.com\/\" target=\"_blank\"><strong>BPM<\/strong><\/a><strong>, an assurance, advisory, tax, and Wealth Management company<\/strong>, also spoke to Techopedia about the Act and highlighted the role of federal contractors in the core processes of democracy.<\/p>\n<blockquote><p>&#8220;Certainly the most notable is the concern that Voting Machines were or can be tampered with, and these are provided by several (at least 10) contractors.&#8221;<\/p>\n<p>&nbsp;<\/p>\n<p>&#8220;Other risks identified to federal systems (many provided by contracting services) are email services, cell phone services, and encryption services.&#8221;<\/p><\/blockquote>\n<p>Federal agencies rely on many outside companies for services like email and phone systems. These services often lack official security checks, leaving sensitive government information at risk of being stolen or compromised.<\/p>\n<p>Schmidt agreed that small companies will see cost challenges but said that the price of doing business with a government includes being above scrutiny standards.<\/p>\n<p>Tecopedia asked Schmidt how feasible it is for federal contractors to implement the mandated cybersecurity measures outlined in this legislation.<\/p>\n<blockquote><p>&#8220;It&#8217;s never easy for governments to do such. The intent and program are created, in most cases, without the knowledge of timeline or ability to meet timelines.&#8221;<\/p><\/blockquote>\n<h2><span id=\"the_bottom_line\">The Bottom Line<\/span><\/h2>\n<p>Government back-end technology and front-end systems are subject to huge pressure today, given the increased cyber hostilities against governments and those working with them.<\/p>\n<p>This bipartisan law should have probably come sooner, and yes, it may present some difficulties for small companies that want to be federal contractors and must meet this prerequisite. However, it is definitely a step forward that both the industry and the government need to take right now.<\/p>\n<div class=\"reference-content\">\n<div class=\"reference-heading reference-content-collapsible-heading\">\n<h2><span id=\"references\">References<\/span><\/h2>\n<\/div>\n<div class=\"reference-content-body\">\n<ol>\n<li><a href=\"https:\/\/www.warner.senate.gov\/public\/index.cfm\/pressreleases?id=277E9745-B3FA-400B-98D0-4395C1A75B50\" target=\"_blank\">Warner, Lankford Announce Legislation to Strengthen Federal Cybersecurity Measures, Implement Mandatory Vulnerability Disclosure Policies &#8211; Press Releases &#8211; Mark R. Warner<\/a> (Warner.senate)<\/li>\n<li><a href=\"https:\/\/nvlpubs.nist.gov\/nistpubs\/SpecialPublications\/NIST.SP.800-216.pdf\" target=\"_blank\">Recommendations for Federal Vulnerability Disclosure Guidelines<\/a> (Nvlpubs.nist)<\/li>\n<li><a href=\"https:\/\/www.linkedin.com\/in\/ilona-cohen-3094b255\" target=\"_blank\">Ilona Cohen &#8211; HackerOne | LinkedIn<\/a> (Linkedin)<\/li>\n<li><a href=\"https:\/\/www.hackerone.com\/\" target=\"_blank\">HackerOne | #1 Trusted Security Platform and Hacker Program<\/a> (Hackerone)<\/li>\n<li><a href=\"https:\/\/www.warner.senate.gov\/public\/_cache\/files\/3\/f\/3f6625dc-09b1-4cf1-809a-015a3baf3718\/B66CD4E645A5A5730A15B0C90F3E6989.federal-contractor-cybersecurity-vulnerability-reduction-act-one-pager.pdf\" target=\"_blank\">Federal Contractor Cybersecurity Vulnerability Reduction Act of 2024<\/a> (Warner.senate)<\/li>\n<li><a href=\"https:\/\/www.cisa.gov\/news-events\/directives\/bod-20-01-develop-and-publish-vulnerability-disclosure-policy\" target=\"_blank\">BOD 20-01: Develop and Publish a Vulnerability Disclosure Policy | CISA<\/a> (Cisa)<\/li>\n<li><a href=\"https:\/\/www.linkedin.com\/in\/yakupkalvo\/\" target=\"_blank\">Yakup Kalvo<\/a> (Linkedin)<\/li>\n<li><a href=\"https:\/\/liveproxies.io\/\" target=\"_blank\">Buy Private Residential &amp; Mobile Proxy Solutions | Live Proxies<\/a> (Liveproxies)<\/li>\n<li><a href=\"https:\/\/www.linkedin.com\/in\/jschmidt-bpm\/\" target=\"_blank\">Josh Schmidt<\/a> (Linkedin)<\/li>\n<li><a href=\"https:\/\/www.bpm.com\/\" target=\"_blank\">BPM &#8211; Assurance, Advisory, Tax &amp; Wealth Management<\/a> (Bpm)<\/li>\n<\/ol>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>In 2014 and 2015, two interconnected cyberattacks targeted and breached the U.S. Office of Personnel Management (OPM), a federal agency. Data, including social security numbers of 21.5 million people, were stolen. Six years later, in 2021, the Colonial Pipeline ransomware attack crippled a major fuel pipeline, disrupting supply chains across the Eastern United States and [&hellip;]<\/p>\n","protected":false},"author":286688,"featured_media":302137,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_lmt_disableupdate":"no","_lmt_disable":"","om_disable_all_campaigns":false,"footnotes":""},"categories":[580],"tags":[],"category_partsoff":[],"class_list":["post-302133","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-information-assurance"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v24.2 (Yoast SEO v24.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Exploring the U.S. \u2018Report a Vulnerability\u2019 Act: Expert Analysis - Techopedia<\/title>\n<meta name=\"description\" content=\"Learn why a new law wants to mandate all federal contractors to deploy and manage a vulnerability disclosure program.\" \/>\n<meta name=\"robots\" content=\"noindex, follow\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Exploring the U.S. \u2018Report a Vulnerability\u2019 Act: Expert Analysis\" \/>\n<meta property=\"og:description\" content=\"Learn why a new law wants to mandate all federal contractors to deploy and manage a vulnerability disclosure program.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.techopedia.com\/exploring-the-u-s-report-a-vulnerability-act-expert-analysis\" \/>\n<meta property=\"og:site_name\" content=\"Techopedia\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/techopedia\/\" \/>\n<meta property=\"article:published_time\" content=\"2024-08-26T14:08:17+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/08\/Exploring-the-U.S.-\u2018Report-a-Vulnerability-AcT-Expert-Analysis.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"686\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Ray Fernandez\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@techopedia\" \/>\n<meta name=\"twitter:site\" content=\"@techopedia\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ray Fernandez\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.techopedia.com\/exploring-the-u-s-report-a-vulnerability-act-expert-analysis#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.techopedia.com\/exploring-the-u-s-report-a-vulnerability-act-expert-analysis\"},\"author\":{\"name\":\"Ray Fernandez\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/person\/687890072e5e44867899acd7d6176e6c\"},\"headline\":\"Exploring the U.S. \u2018Report a Vulnerability\u2019 Act: Expert Analysis\",\"datePublished\":\"2024-08-26T14:08:17+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.techopedia.com\/exploring-the-u-s-report-a-vulnerability-act-expert-analysis\"},\"wordCount\":1408,\"publisher\":{\"@id\":\"https:\/\/www.techopedia.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.techopedia.com\/exploring-the-u-s-report-a-vulnerability-act-expert-analysis#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/08\/Exploring-the-U.S.-\u2018Report-a-Vulnerability-AcT-Expert-Analysis.webp\",\"articleSection\":\"\",\"inLanguage\":\"en-US\",\"copyrightYear\":\"2024\",\"copyrightHolder\":{\"@id\":\"https:\/\/www.techopedia.com\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.techopedia.com\/exploring-the-u-s-report-a-vulnerability-act-expert-analysis\",\"url\":\"https:\/\/www.techopedia.com\/exploring-the-u-s-report-a-vulnerability-act-expert-analysis\",\"name\":\"Exploring the U.S. \u2018Report a Vulnerability\u2019 Act: Expert Analysis - Techopedia\",\"isPartOf\":{\"@id\":\"https:\/\/www.techopedia.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.techopedia.com\/exploring-the-u-s-report-a-vulnerability-act-expert-analysis#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.techopedia.com\/exploring-the-u-s-report-a-vulnerability-act-expert-analysis#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/08\/Exploring-the-U.S.-\u2018Report-a-Vulnerability-AcT-Expert-Analysis.webp\",\"datePublished\":\"2024-08-26T14:08:17+00:00\",\"description\":\"Learn why a new law wants to mandate all federal contractors to deploy and manage a vulnerability disclosure program.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.techopedia.com\/exploring-the-u-s-report-a-vulnerability-act-expert-analysis#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.techopedia.com\/exploring-the-u-s-report-a-vulnerability-act-expert-analysis\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.techopedia.com\/exploring-the-u-s-report-a-vulnerability-act-expert-analysis#primaryimage\",\"url\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/08\/Exploring-the-U.S.-\u2018Report-a-Vulnerability-AcT-Expert-Analysis.webp\",\"contentUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/08\/Exploring-the-U.S.-\u2018Report-a-Vulnerability-AcT-Expert-Analysis.webp\",\"width\":1200,\"height\":686,\"caption\":\"Exploring the U.S. \u2018Report a Vulnerability\u2019 AcT Expert Analysis\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.techopedia.com\/exploring-the-u-s-report-a-vulnerability-act-expert-analysis#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.techopedia.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybersecurity\",\"item\":\"https:\/\/www.techopedia.com\/topic\/4\/cybersecurity\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Information Assurance\",\"item\":\"https:\/\/www.techopedia.com\/topic\/167\/information-assurance\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Exploring the U.S. \u2018Report a Vulnerability\u2019 Act: Expert Analysis\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.techopedia.com\/#website\",\"url\":\"https:\/\/www.techopedia.com\/\",\"name\":\"Techopedia\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.techopedia.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.techopedia.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.techopedia.com\/#organization\",\"name\":\"Techopedia\",\"url\":\"https:\/\/www.techopedia.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/02\/techopedia-light-logo.svg\",\"contentUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/02\/techopedia-light-logo.svg\",\"caption\":\"Techopedia\"},\"image\":{\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/techopedia\/\",\"https:\/\/x.com\/techopedia\",\"https:\/\/www.linkedin.com\/company\/techopedia\/\",\"https:\/\/www.youtube.com\/c\/Techopedia\"],\"publishingPrinciples\":\"https:\/\/www.techopedia.com\/about\/editorial-policy\",\"ownershipFundingInfo\":\"https:\/\/www.techopedia.com\/about\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/person\/687890072e5e44867899acd7d6176e6c\",\"name\":\"Ray Fernandez\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/10\/avatar_user_286688_1698354675-300x300.jpg\",\"contentUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/10\/avatar_user_286688_1698354675-300x300.jpg\",\"caption\":\"Ray Fernandez\"},\"description\":\"Ray is an independent journalist with 15 years of experience, focusing on the intersection of technology with various aspects of life and society. He joined Techopedia in 2023 after publishing in numerous media, including Microsoft, TechRepublic, Moonlock, Hackermoon, VentureBeat, Entrepreneur, and ServerWatch. He holds a degree in Journalism from Oxford Distance Learning and two specializations from FUNIBER in Environmental Science and Oceanography. When Ray is not working, you can find him making music, playing sports, and traveling with his wife and three kids.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/ray-fernandez\/\"],\"knowsAbout\":[\"Senior Technology Journalist\"],\"url\":\"https:\/\/www.techopedia.com\/contributors\/rayfernandez\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Exploring the U.S. \u2018Report a Vulnerability\u2019 Act: Expert Analysis - Techopedia","description":"Learn why a new law wants to mandate all federal contractors to deploy and manage a vulnerability disclosure program.","robots":{"index":"noindex","follow":"follow"},"og_locale":"en_US","og_type":"article","og_title":"Exploring the U.S. \u2018Report a Vulnerability\u2019 Act: Expert Analysis","og_description":"Learn why a new law wants to mandate all federal contractors to deploy and manage a vulnerability disclosure program.","og_url":"https:\/\/www.techopedia.com\/exploring-the-u-s-report-a-vulnerability-act-expert-analysis","og_site_name":"Techopedia","article_publisher":"https:\/\/www.facebook.com\/techopedia\/","article_published_time":"2024-08-26T14:08:17+00:00","og_image":[{"width":1200,"height":686,"url":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/08\/Exploring-the-U.S.-\u2018Report-a-Vulnerability-AcT-Expert-Analysis.webp","type":"image\/webp"}],"author":"Ray Fernandez","twitter_card":"summary_large_image","twitter_creator":"@techopedia","twitter_site":"@techopedia","twitter_misc":{"Written by":"Ray Fernandez","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.techopedia.com\/exploring-the-u-s-report-a-vulnerability-act-expert-analysis#article","isPartOf":{"@id":"https:\/\/www.techopedia.com\/exploring-the-u-s-report-a-vulnerability-act-expert-analysis"},"author":{"name":"Ray Fernandez","@id":"https:\/\/www.techopedia.com\/#\/schema\/person\/687890072e5e44867899acd7d6176e6c"},"headline":"Exploring the U.S. \u2018Report a Vulnerability\u2019 Act: Expert Analysis","datePublished":"2024-08-26T14:08:17+00:00","mainEntityOfPage":{"@id":"https:\/\/www.techopedia.com\/exploring-the-u-s-report-a-vulnerability-act-expert-analysis"},"wordCount":1408,"publisher":{"@id":"https:\/\/www.techopedia.com\/#organization"},"image":{"@id":"https:\/\/www.techopedia.com\/exploring-the-u-s-report-a-vulnerability-act-expert-analysis#primaryimage"},"thumbnailUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/08\/Exploring-the-U.S.-\u2018Report-a-Vulnerability-AcT-Expert-Analysis.webp","articleSection":"","inLanguage":"en-US","copyrightYear":"2024","copyrightHolder":{"@id":"https:\/\/www.techopedia.com\/#organization"}},{"@type":"WebPage","@id":"https:\/\/www.techopedia.com\/exploring-the-u-s-report-a-vulnerability-act-expert-analysis","url":"https:\/\/www.techopedia.com\/exploring-the-u-s-report-a-vulnerability-act-expert-analysis","name":"Exploring the U.S. \u2018Report a Vulnerability\u2019 Act: Expert Analysis - Techopedia","isPartOf":{"@id":"https:\/\/www.techopedia.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.techopedia.com\/exploring-the-u-s-report-a-vulnerability-act-expert-analysis#primaryimage"},"image":{"@id":"https:\/\/www.techopedia.com\/exploring-the-u-s-report-a-vulnerability-act-expert-analysis#primaryimage"},"thumbnailUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/08\/Exploring-the-U.S.-\u2018Report-a-Vulnerability-AcT-Expert-Analysis.webp","datePublished":"2024-08-26T14:08:17+00:00","description":"Learn why a new law wants to mandate all federal contractors to deploy and manage a vulnerability disclosure program.","breadcrumb":{"@id":"https:\/\/www.techopedia.com\/exploring-the-u-s-report-a-vulnerability-act-expert-analysis#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.techopedia.com\/exploring-the-u-s-report-a-vulnerability-act-expert-analysis"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.techopedia.com\/exploring-the-u-s-report-a-vulnerability-act-expert-analysis#primaryimage","url":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/08\/Exploring-the-U.S.-\u2018Report-a-Vulnerability-AcT-Expert-Analysis.webp","contentUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2024\/08\/Exploring-the-U.S.-\u2018Report-a-Vulnerability-AcT-Expert-Analysis.webp","width":1200,"height":686,"caption":"Exploring the U.S. \u2018Report a Vulnerability\u2019 AcT Expert Analysis"},{"@type":"BreadcrumbList","@id":"https:\/\/www.techopedia.com\/exploring-the-u-s-report-a-vulnerability-act-expert-analysis#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.techopedia.com\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity","item":"https:\/\/www.techopedia.com\/topic\/4\/cybersecurity"},{"@type":"ListItem","position":3,"name":"Information Assurance","item":"https:\/\/www.techopedia.com\/topic\/167\/information-assurance"},{"@type":"ListItem","position":4,"name":"Exploring the U.S. \u2018Report a Vulnerability\u2019 Act: Expert Analysis"}]},{"@type":"WebSite","@id":"https:\/\/www.techopedia.com\/#website","url":"https:\/\/www.techopedia.com\/","name":"Techopedia","description":"","publisher":{"@id":"https:\/\/www.techopedia.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.techopedia.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.techopedia.com\/#organization","name":"Techopedia","url":"https:\/\/www.techopedia.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/02\/techopedia-light-logo.svg","contentUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2025\/02\/techopedia-light-logo.svg","caption":"Techopedia"},"image":{"@id":"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/techopedia\/","https:\/\/x.com\/techopedia","https:\/\/www.linkedin.com\/company\/techopedia\/","https:\/\/www.youtube.com\/c\/Techopedia"],"publishingPrinciples":"https:\/\/www.techopedia.com\/about\/editorial-policy","ownershipFundingInfo":"https:\/\/www.techopedia.com\/about"},{"@type":"Person","@id":"https:\/\/www.techopedia.com\/#\/schema\/person\/687890072e5e44867899acd7d6176e6c","name":"Ray Fernandez","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.techopedia.com\/#\/schema\/person\/image\/","url":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/10\/avatar_user_286688_1698354675-300x300.jpg","contentUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/10\/avatar_user_286688_1698354675-300x300.jpg","caption":"Ray Fernandez"},"description":"Ray is an independent journalist with 15 years of experience, focusing on the intersection of technology with various aspects of life and society. He joined Techopedia in 2023 after publishing in numerous media, including Microsoft, TechRepublic, Moonlock, Hackermoon, VentureBeat, Entrepreneur, and ServerWatch. He holds a degree in Journalism from Oxford Distance Learning and two specializations from FUNIBER in Environmental Science and Oceanography. When Ray is not working, you can find him making music, playing sports, and traveling with his wife and three kids.","sameAs":["https:\/\/www.linkedin.com\/in\/ray-fernandez\/"],"knowsAbout":["Senior Technology Journalist"],"url":"https:\/\/www.techopedia.com\/contributors\/rayfernandez"}]}},"modified_by":"arina livanenkova","_links":{"self":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/posts\/302133","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/users\/286688"}],"replies":[{"embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/comments?post=302133"}],"version-history":[{"count":1,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/posts\/302133\/revisions"}],"predecessor-version":[{"id":302134,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/posts\/302133\/revisions\/302134"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/media\/302137"}],"wp:attachment":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/media?parent=302133"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/categories?post=302133"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/tags?post=302133"},{"taxonomy":"category_partsoff","embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/category_partsoff?post=302133"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}