Dive Brief:
-
The U.S. National Telecommunications and Information Administration (NTIA) wants to bring security researchers, software vendors and IT system operators together to reach a consensus on how to disclose cybersecurity vulnerabilities.
-
NTIA will hold a series of meetings intended to improve collaboration on the disclosure and response regarding vulnerabilities.
-
The first meeting will be held Sept. 29 at the University of California, Berkeley.
Dive Insight:
Researchers' public disclosure of previously unknown vulnerabilities has been controversial, with software vendors complaining the information can help hackers take action before the vulnerabilities can be patched. But some researchers believe that public disclosure gives software vendors an incentive to issue patches.
NTIA Deputy Assistant Secretary Angela Simpson said that when a researcher discovers a vulnerability, "we'd like to promote collaboration, rather than antipathy, between the researcher and the vendor."
