Emerging Technologies Law is a blog by William Ting which examines 21st century legal, business & Social tech issues.

DOJ's Guidance on Vulnerabilities Disclosures

DOJ's Guidance on Vulnerabilities Disclosures

fighting the good fight (open source image)

fighting the good fight (open source image)

          One of the best ways to combat cyber-attacks is information sharing.  If Company A’s systems have been compromised, Company A may voluntarily share the nature and details of that attack with other private firms and various regulators as well (like the U.S. Department of Homeland Security). 

         But many companies do not have a formal established policy that guides them on how to receive and provide vulnerabilities reports to outsiders, when to provide such reports, and to whom should they share vulnerabilities (like the vendors whose systems were affected).

          Last week the U.S. Department of Justice issued guidelines to assist entities on how to establish a formal policy on vulnerabilities disclosure. The guidance was drafted by the Criminal Division’s Cybersecurity Unit.

          Of particular note, the DOJ reminds firms that they may need to seek proper authorization to include information about vulnerabilities that implicates third-party interests (like a cloud service provider or developers of publicly shared apps).

#Cybersecurity #vulnerabilitydisclosure #incidentresponse

 

 

ICOs the new ICBMs!?

ICOs the new ICBMs!?

Intersection: Patent & Securities Law

Intersection: Patent & Securities Law