H.R. 2980 would authorize the Cybersecurity and Infrastructure Security Agency (CISA) to disseminate information to the public about vulnerabilities in the software and hardware of information systems. The bill would authorize CISA to establish an award program to encourage researchers to disclose such vulnerabilities to the agency. The bill also would require CISA to assess and report to the Congress on the effectiveness of its vulnerability disclosure programs.
CISA is already performing many of the cybersecurity activities that would be authorized by H.R. 2980. The agency manages several programs that provide services and information to help system administrators, software manufacturers, and the general public mitigate cyber vulnerabilities.