The FTC released public comments yesterday on the National Telecommunications and Information Administration’s (NTIA) draft “Early Stage” Coordinated Vulnerability Disclosure Template released in December 2016.  The draft template was released by the NTIA Safety Working Group as part of a multistakeholder process that convened security researchers and software and system developers and owners to address security vulnerability disclosure.

The FTC’s comments highlighted the importance of coordinated vulnerability disclosure efforts, stating that “companies should communicate and coordinate with the security research community as part of a continuous process of detecting and remediating software vulnerabilities,” and cited its prior enforcement actions and Staff guidance on the subject.  The FTC encouraged transparency in vulnerability reporting by both researchers and companies, and promoted the model vulnerability disclosure policy language in the draft template as “a useful asset for companies seeking to draft a public-facing vulnerability disclosure policy that helps forge common expectations with researchers regarding vulnerability handling timelines and processes.”
Continue Reading FTC Comments on NTIA’s Cybersecurity Vulnerability Disclosure Template

The Federal Trade Commission announced this week that it will host a workshop to explore potential privacy and security implications raised by the increasing use of facial recognition technology.  The discussion will take place on December 8, 2011 in Washington, DC.

According to the FTC, the workshop, which is free and open to the public, may focus on topics including:

Continue Reading FTC To Hold Facial Recognition Technology Workshop