Lawmakers Ask for Disclosure Updates, Bots Must Show ID, FedRAMP Gets a Refresh

Welcome to MeriTalk News Briefs, where we bring you all the day’s action that didn’t quite make the headlines. No need to shout about ‘em, but we do feel that they merit talk.

Lawmakers Want Update to Vulnerability Disclosure Guidance

Sen. John Thune, R-S.D., chairman of the Senate Commerce, Science, & Transportation committee, and Rep. Greg Walden, R-Ore., chairman of the House Energy and Commerce committee, in a July 17 letter to the director of the Computer Emergency Readiness Team Coordination Center, are requesting that CERT/CC update its policies and procedures to provide better guidance on coordinated vulnerability disclosure (CVD). The letter follows a Senate hearing on the Spectre and Meltdown vulnerabilities. The congressmen expressed concerns over patching timelines, saying that certain companies, such as those in critical infrastructure sectors, need additional time to test patches before applying them. They also said that certain language regarding patch availability “may inadvertently increase the likelihood of vulnerability exploitation by providing a false sense of security.” They are asking CERT/CC – which authors a CVD guide cited by many as a “best practice” document in the Spectre and Meltdown patching process – to clarify language and update policies so that future CVDs can be improved.

California Bill Would Require Bots to ID Themselves

A bill introduced in the California state legislature on Monday would require automated bot accounts on social media to identify themselves as bots via disclaimers displayed on the accounts. The legislation would also require that any advertising purchased on social media platforms must be made by accounts that verified to be controlled by an actual human, according to Assemblyman Marc Levine, D-San Rafael, who introduced the legislation.

FedRAMP Updates Its Website

FedRAMP on Monday announced updates to its website that aim to help users find resources and information faster. A new Table Sort feature on the Documents and Templates pages allows users to sort information based on category, title, description, type, and date. A new search feature makes it easier to find relevant pages, blogs, and documents.

LabCorp Detects Hack

LabCorp, which operates one of the largest clinical laboratory networks in the world, said it is investigating a cyber breach that potentially impacted millions of healthcare records. In a filing with the Securities and Exchange Commission, LabCorp said that it “detected suspicious activity on its information technology network” over the weekend of July 14. As a result, LabCorp “immediately took certain systems offline,” which impacted test processing and customer access to test results. The filing, dated July 16, said that the suspicious activity was only detected on LabCorp Diagnostics systems and that there is currently no indication of unauthorized transfer or misuse of data. LabCorp said it has notified relevant authorities, but did not indicate who might be behind the cyberattack.

Recent