WannaCry and Petya, among other high-profile breaches, have sparked new conversations at Veracode around the potential value of cybersecurity and data breach disclosure legislation. Certainly, data breach disclosure requirements are popping up in just about every state, not to mention global standards, such as GDPR. Although they all insist on timely disclosures, their requirements, rules and definitions are all over the map. Would a national breach disclosure law make life easier for companies desperately trying to comply? Or would it simply add more complexity when, for example, a state law is more stringent than the federal one?
This topic is one that we’ve been talking about quite a bit with our Veracode colleagues, especially in light of some fairly scary findings in our 2017 State of Software Security Report – including the fact that 88 percent of Java applications had at least one component-based vulnerability.
In this month’s Cyber Second Podcast, we connected with Veracode Director of Global Government Relations Jamie Brown (@JamiesonBrown) to take a look at the viability of, and issues around, a potential national data breach disclosure law.