In the wake of the recent WannaCry ransomware attacks, U.S. Sens. Ron Johnson (R-WI) and Brian Schatz (D-HI) introduced the Protecting Our Ability to Counter Hacking (PATCH) Act, which adds a layer of transparency and accountability to government procedures for retaining or disclosing vulnerabilities in technology products, services and systems.
The U.S. government, along with numerous private entities, is currently researching and finding zero-day vulnerabilities, which are classified as flaws that were unseen by developers and leave systems vulnerable to hacking. In most cases, the government will disclose vulnerabilities to the developer so that they can be fixed; however, some can be retained for national security purposes.
The PATCH Act will seek to codify current government practices to review all vulnerabilities, while designating the U.S. Department of Homeland Security as the chair of a new interagency review board. In addition, the bill will create a new oversight mechanism to improve both transparency and accountability, while seeking to enhance the public’s trust in the process.
“It is essential that government agencies make zero-day vulnerabilities known to vendors whenever possible, and the PATCH Act requires the government to swiftly balance the need to disclose vulnerabilities with other national security interests while increasing transparency and accountability to maintain public trust in the process,” Johnson said.
Since its introduction, the bill has received support from the Coalition for Cybersecurity Policy and Law, McAfee, Mozilla, and the Information Technology and Innovation Foundation.