PATCH Act of 2017 2017-05-17 Introduced in House Protecting Our Ability to Counter Hacking Act of 2017 or the PATCH Act of 2017

This bill establishes the Vulnerability Equities Review Board to establish and make available to the public policies on matters relating to whether, when, how, to whom, and to what degree information about a vulnerability in a technology, product, system, service, or application that is not publicly known should be shared or released by the government to a non-federal entity. The board must submit to Congress and the President a draft of such policies, along with a description of challenges or impediments requiring legislative or administrative action.

Each federal agency shall, upon obtaining information about such a vulnerability, subject such information to a process established by the board for sharing or releasing the information. Process considerations shall include:

  • which technologies, products, systems, services, or applications are subject to the vulnerability;
  • the potential risks of leaving the vulnerability unpatched or unmitigated;
  • the likelihood that a non-federal entity will discover the vulnerability; and
  • whether the vulnerability can be patched or otherwise mitigated.

An agency may share or release such information to a non-federal entity without subjecting it to such process if the agency determines that the information is presumptively shareable or releasable.

If the board determines that such information should be shared with or released to the vendor that developed or maintains the technology, it shall provide the information to the Department of Homeland Security, which shall share or release the information as directed by the board.

]]> text/xml EN Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain. Congressional Research Service, Library of Congress This file contains bill summaries for federal legislation. A bill summary describes the most significant provisions of a piece of legislation and details the effects the legislative text may have on current law and federal programs. Bill summaries are authored by the Congressional Research Service (CRS) of the Library of Congress. As stated in Public Law 91-510 (2 USC 166 (d)(6)), one of the duties of CRS is "to prepare summaries and digests of bills and resolutions of a public general nature introduced in the Senate or House of Representatives". For more information, refer to the User Guide that accompanies this file.