The House late Tuesday voted to approve H.R. 6735, a bill that directs the Homeland Security Secretary to establish a vulnerability disclosure policy for the agency’s websites. The policy would include how parties should disclose vulnerabilities that they discover, and how DHS should then move to mitigate or remediate them. The House Homeland Security Committee approved the bill on Sept. 13, and the Senate approved its companion measure, S. 1281, in April.
Separately, the House also voted late Tuesday to approve H.R. 5433, which directs the State Department to establish a vulnerability disclosure program to improve cybersecurity, including identifying which IT should be included, providing means of reporting discovered security vulnerabilities, and identifying offices responsible for addressing security vulnerability disclosures. The bill also requires State to establish a bug bounty pilot program to provide compensation for reports of previously unidentified security vulnerabilities of its internet-facing IT. H.R. 5433 does not appear to have a Senate companion bill.