At a glance.
- CISA BOD 20-21 and "good faith" bug hunting.
- US considers banning more Chinese apps.
- House to investigate DHS decision on Russian influence campaign report.
- US Department of Justice may file antitrust complaint against Google as early as this month.
Observers fasten on "good faith" white hat hacking aspects of CISA Binding Operational Directive.
The Wall Street Journal exemplifies a common reaction to the US Cybersecurity and Infrastructure Security Agency's (CISA) Binding Operational Directive 20-21, issued yesterday: it enunciates protection for white hat hackers inspecting Government systems in good faith. Bugcrowd's Founder, Chairman, and CTO, Casey Ellis, offered applause from the bug-hunting industry, as well as a set of suggestions CISA might follow as it oversees implementation of the Binding Operational Directive. They're grounded in the experience of administering bug bounty programs:
- "Prioritize the enablement of per-agency roadmap development."
- "Set a clear expectation that restrictive scope is unlikely to be followed by Finders, and that scope control isn’t the purpose of an organizational Vulnerability Disclosure Program."
- "Extend the timeline to a fully public vulnerability disclosure program."
- "Treat CERT/CC or other centralized points of intake as the exception process, not the primary process."
- "Double down on the encouragement of 'good-faith authorization' (aka Safe Harbor)."
- "Continue to clearly disambiguate 'vulnerability disclosure' from 'bug bounty' and 'private crowdsourced security'."
- "Disambiguate researcher, contractor, etc to 'Finder' where possible."
Report: more Chinese apps on the US chopping block.
CNBC reports that, as recently enacted Chinese export controls stall the sale of TikTok operations to a US company, the US Administration is considering banning more Chinese apps on national security grounds. Which ones are candidates for banning was not immediately specified.
US House to open an investigation of DHS's hold on disclosing a Russian disinformation effort.
The House Intelligence Committee intends to investigate the Department of Homeland Security's decision not to release a report from the Department's Office of Intelligence and Analysis, ABC News reports. The draft report describes a Russian plan to call Democratic Presidential nominee Joe Biden's mental health into question. Committee Chair Adam Schiff (Democrat, California 28th District) said the inquiry will determine whether the decision not to give the draft wide circulation within the Government was politically motivated. DHS has said the draft report "lacked the necessary context and evidence for broader dissemination."
The US Department of Justice moves closer to bringing an antitrust case against Google.
According to the New York Times, the US Justice Department intends to bring an antitrust case against Google as early as this month. The move has long been considered probable. Attorney General Barr has decided that the investigation has enough to proceed, and has directed that Departmental lawyers who wish for more time to put the case together be given a deadline.