The Federal Trade Commission submitted public comments to the U.S. Commerce Department’s National Telecommunications and Information Administration (NTIA) on a draft template, developed by a diverse group of stakeholders, designed to be used by industry participants to communicate their policies on disclosing security vulnerabilities.
Stakeholders including cybersecurity researchers, industry representatives, academics, and civil society advocates developed the draft template to improve cooperation between security researchers and vendors on vulnerability disclosures under the multistakeholder process convened by NTIA. The draft template includes model language that companies can use when developing a public-facing disclosure policy, and was released for public comment by NTIA in December 2016 on behalf of stakeholders.
In its comment on the template, the Commission staff noted that the FTC also has addressed the issue of vulnerability disclosure in its data security guidance and policy reports and through its business education campaigns.
While the draft template is aimed at safety-critical industries, such as automobile and medical device manufacturers, FTC staff said in its comments that the template could be a useful tool for any company providing software-based products and services to consumers. Staff therefore recommended that the introduction to the draft template be revised to make clear that the recommendations could apply to more than just safety-critical industries. In its comment, the staff noted that companies that provide Internet-connected products or collect sensitive consumer information should consider implementing a vulnerability disclosure policy and related processes.
The Commission vote authorizing staff to file the comment was 2-0.