On the record, March 3, 2025
Mr. Speaker, I yield myself such time as I may consume.

Mr. Speaker, I appreciate today's consideration of the Federal Contractor Cybersecurity Vulnerability Reduction Act, as well as the work of Chairwoman Mace and Ranking Member Brown in leading this legislation for us today. The bill would ensure that Federal contractors implement vulnerability disclosure policies consistent with the guidance and guidelines of the National Institute of Standards and Technology, industry best practices, and international standards.

Mr. Speaker, each year, software developers, security researchers, and others discover tens of thousands of security vulnerabilities in computer software and systems. For example, in 2023 alone, more than 29,000 common vulnerabilities and exposures were logged in this widely used National Vulnerability Database. If companies established a process for accepting, assessing, and managing reports of such vulnerabilities, otherwise known as vulnerability disclosure policies, they can make use of such discoveries to fix problems before they are exploited by malign actors. Vulnerability disclosure policies are an extremely effective tool. Most Federal agencies already have such policies, as do Federal contractors and subcontractors providing information systems and Internet of Things devices to Federal agencies.…





