80 FR 52454 - Multistakeholder Process To Promote Collaboration on Vulnerability Research Disclosure

DEPARTMENT OF COMMERCE
National Telecommunications and Information Administration

Federal Register Volume 80, Issue 168 (August 31, 2015)

Page Range: 52454-52455
FR Document: 2015-21500

[Federal Register Volume 80, Number 168 (Monday, August 31, 2015)]
[Notices]
[Pages 52454-52455]
From the Federal Register Online  [www.thefederalregister.org]
[FR Doc No: 2015-21500]


-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

National Telecommunications and Information Administration


Multistakeholder Process To Promote Collaboration on 
Vulnerability Research Disclosure

AGENCY: National Telecommunications and Information Administration, 
Commerce.

ACTION: Notice of open meeting.

-----------------------------------------------------------------------

SUMMARY: The National Telecommunications and Information Administration 
(NTIA) will convene meetings of a multistakeholder process concerning 
the collaboration between security researchers and software and system 
developers and owners to address security vulnerability disclosure. 
This Notice announces the first meeting, which is scheduled for 
September 29, 2015.

DATES: The meeting will be held on September 29, 2015, from 9:00 a.m. 
to 3:00 p.m., Pacific Time. See SUPPLEMENTARY INFORMATION for details.

ADDRESSES: The meeting will be held in the Booth Auditorium at the 
University of California, Berkeley, School of Law, Boalt Hall, Bancroft 
Way and Piedmont Avenue, Berkeley, CA 94720-7200.

FOR FURTHER INFORMATION CONTACT: Allan Friedman, National 
Telecommunications and Information Administration, U.S. Department of 
Commerce, 1401 Constitution Avenue NW., Room 4725, Washington, DC 
20230; telephone (202) 482-4281; email: afriedman@ntia.doc.gov. Please 
direct media inquiries to NTIA's Office of Public Affairs, (202) 482-7002; 
email: press@ntia.doc.gov.

SUPPLEMENTARY INFORMATION: 
    Background: On March 19, 2015, the National Telecommunications and 
Information Administration, working with the Department of Commerce's 
Internet Policy Task Force (IPTF), issued a Request for Comment to 
``identify substantive cybersecurity issues that affect the digital 
ecosystem and digital economic growth where broad consensus, 
coordinated action, and the development of best practices could 
substantially improve security for organizations and consumers.'' \1\ 
This Request built on earlier work from the Department, including the 
2011 Green Paper Cybersecurity, Innovation, and the Internet 
Economy,\2\ as well as comments the Department had received on related 
issues.\3\
---------------------------------------------------------------------------

    \1\ U.S. Department of Commerce, Internet Policy Task Force, 
Request for Public Comment, Stakeholder Engagement on Cybersecurity 
in the Digital Ecosystem, 80 FR 14360, Docket No. 150312253-5253-01 
(Mar. 19, 2015), available at: http://www.ntia.doc.gov/files/ntia/publications/cybersecurity_rfc_03192015.pdf.
    \2\ U.S. Department of Commerce, Internet Policy Task Force, 
Cybersecurity, Innovation, and the Internet Economy (June 2011) 
(Green Paper), available at: http://www.nist.gov/itl/upload/Cybersecurity_Green-Paper_FinalVersion.pdf.
    \3\ See Comments Received in Response to Federal Register Notice 
Developing a Framework for Improving Critical Infrastructure 
Cybersecurity, Docket No. 140721609-4609-01, available at: http://csrc.nist.gov/cyberframework/rfi_comments_10_2014.html.
---------------------------------------------------------------------------

    The IPTF asked for suggestions of security challenges that an NTIA-
convened multistakeholder group could address, and offered a dozen 
potential topics for explicit feedback.\4\ We received 35 comments from 
a range of stakeholders, including trade associations, large companies, 
cybersecurity startups, civil society organizations and independent 
computer security experts.\5\ The comments highlight a range of issues 
that might be addressed through the multistakeholder process and 
suggest various ways in which the group's work could be structured.
---------------------------------------------------------------------------

    \4\ Request for Public Comment, supra note 1.
    \5\ NTIA has posted the public comments received at http://www.ntia.doc.gov/federal-register-notice/2015/comments-stakeholder-engagement-cybersecurity-digital-ecosystem.
---------------------------------------------------------------------------

    Of the topics suggested, the challenge of collaboration between 
security researchers and system and software vendors stands out as a 
critical issue where reaching some consensus on shared goals, 
principles, and practices is both feasible and necessary. On July 9, 
2015, after reviewing the comments, NTIA announced that the first issue 
to be addressed would be ``collaboration on vulnerability research 
disclosure.'' \6\ While this is not the first discussion on the topic, 
stakeholders have presented the case that the time is right to make 
further progress among ecosystem players by achieving consensus and a 
commitment to baseline principles and accepted practices.
---------------------------------------------------------------------------

    \6\ NTIA, Enhancing the Digital Economy Through Collaboration on 
Vulnerability Research Disclosure (July 9, 2015), available at: 
http://www.ntia.doc.gov/blog/2015/enhancing-digital-economy-through-collaboration-vulnerability-research-disclosure.
---------------------------------------------------------------------------

    This issue is commonly referred to as the question of 
``vulnerability disclosure.'' For as long as humans have created 
software there have been software ``bugs.'' \7\ Many of these bugs can 
introduce vulnerabilities, leaving the users of the systems and 
software at risk. The nature of these risks varies, and mitigating these 
risks requires various efforts from the developers and owners of these 
systems. Security researchers of all varieties, including academics, 
professionals, and those who simply enjoy thinking about security may 
identify these bugs for a number of reasons, and in a wide range of 
contexts. How researchers should handle these vulnerabilities, and how 
vendors should work with researchers, have been a matter of active 
debate for many years, since before the turn of the millennium.\8\ 
Several points have been actively debated. Researchers have expressed 
concerns that vendors do not respond in a timely fashion, leaving users 
at risk. Vendors worry about the time, expense, and added complexity of 
addressing every vulnerability, as well as the risks introduced by 
potentially disclosing vulnerabilities before they can be patched or 
mitigated. Given that all good faith actors care about security, there 
is room to find common ground.
---------------------------------------------------------------------------

    \7\ See, e.g., Peter Wayner, Smithsonian Honors the Original Bug 
in the System, N.Y. Times (Dec. 7, 1997), available at: http://www.nytimes.com/library/cyber/week/120497bug.html.
    \8\ For a bibliography of research, proposed standards, online 
discussions and other resources, see University of Oulu Secure 
Programming Group, Juhani Eronen & Ari Takanen eds., Vulnerability 
Disclosure Publications and Discussion Tracking, available at: 
https://www.ee.oulu.fi/research/ouspg/Disclosure_tracking (last 
visited Aug. 20, 2015).
---------------------------------------------------------------------------

    The goal of this process is neither to replicate past discussions 
nor duplicate existing initiatives. As information security is gaining 
more attention in the collective consciousness due to a series of high 
profile cybersecurity incidents and disclosed vulnerabilities, more 
firms and organizations are considering how to engage with third party 
researchers, just as they are exploring other security tools and 
processes. The security community itself has worked to promote better 
collaboration. More software vendors and system owners are offering 
``bug bounty'' programs that reward researchers for sharing 
vulnerability information. In addition to enterprises that buy 
vulnerabilities and sell them to vendors, new business models have 
emerged to help organizations develop and manage bug bounty programs. 
Leading experts at the International Standards Organization have 
developed, and are continuing to revise, a formal standard for vendors 
on how to manage incoming vulnerability information.\9\ NTIA's process 
is meant to complement these ongoing 
developments, as well as existing standards and practices developed by 
other organizations, by bringing together all relevant stakeholders to 
find consensus on the overarching goals and principles for successful 
sharing and handling of vulnerability information. By coming together 
at this critical juncture, stakeholders can expand norms and 
expectations for the adoption, adaptation, and innovation of practices 
and standards.
---------------------------------------------------------------------------

    \9\ ISO Standard 29147, Vulnerability Disclosure Overview 
(2014), available at: http://www.iso.org/iso/catalogue_detail.htm?csnumber=45170.
---------------------------------------------------------------------------

    The goal of this process will be to develop a broad, shared 
understanding of the overlapping interests between security researchers 
and the vendors and owners of products discovered to be vulnerable, and 
establish a consensus about voluntary principles to promote better 
collaboration. The question of how vulnerabilities can and should be 
disclosed will be a critical part of the discussion, as will how 
vendors receive and respond to this information. However, disclosure is 
only one aspect of successful collaboration. One goal of the overall 
NTIA process is to promote a digital economy that more strongly 
emphasizes security and develops community-driven or market-based 
forces to better and more rapidly secure the digital ecosystem.
    Stakeholders will determine the exact nature of the outcome of this 
process. Since it is unlikely that a one-size-fits-all solution will be 
feasible in this dynamic space, stakeholders will need to determine how 
to scope and organize the work through sub-groups or other means. 
Success of the process will be evaluated by the extent to which 
stakeholders embrace and implement the consensus findings within their 
individual practices or organizations. Although the stakeholders 
determine the outcome of the process, it is important to note that the 
process will not result in a regulatory policy or new law, nor focus on 
law enforcement or other non-commercial government use of vulnerability 
data.
    Matters To Be Considered: The September 29, 2015, meeting will be 
the first in a series of NTIA-convened multistakeholder discussions 
concerning collaboration on vulnerability disclosure. Subsequent 
meetings will follow on a schedule determined by those participating in 
the first meeting. Stakeholders will engage in an open, transparent, 
consensus-driven process to develop voluntary principles guiding the 
collaboration between vendors and researchers about vulnerability 
information. The multistakeholder process will involve hearing and 
understanding the perspectives of diverse stakeholders, from a wide 
range of both vendors and researchers, while seeking a consensus that 
enables collaboration for a more secure digital ecosystem.
    The September 29, 2015, meeting is intended to bring stakeholders 
together to begin to share the range of views on how vulnerability 
information is shared by researchers, how it is received and used by 
vendors, and to establish more concrete goals and structure of the 
process. The objectives of this first meeting are to: (1) Briefly share 
different perspectives on how vulnerability information is shared, 
received, and resolved; (2) briefly review perceived challenges in 
successful collaborations; (3) engage stakeholders in a discussion of 
high-priority substantive issues stakeholders believe should be 
addressed; (4) engage stakeholders in a discussion of logistical 
issues, including internal structures such as a small drafting 
committee or various working groups, and the location and frequency of 
future meetings; and (5) identify concrete goals and stakeholder work 
following the first meeting.
    The main objective of further meetings will be to encourage and 
facilitate continued discussion among stakeholders to build consensus 
around the principles guiding successful collaboration. This discussion 
may include circulation of stakeholder-developed straw-man drafts and 
discussion of the appropriate scope of the initiative. Stakeholders may 
also agree on procedural work plans for the group, including additional 
meetings or modified logistics for future meetings. NTIA suggests that 
stakeholders consider setting clear deadlines for a working draft, and 
consider a phase for external review of this draft, before reconvening 
to take account of external feedback.
    More information about stakeholders' work will be available at: 
http://www.ntia.doc.gov/other-publication/2015/multistakeholder-process-cybersecurity-vulnerabilities.
    Time and Date: NTIA will convene the first meeting of the 
multistakeholder process to promote collaboration on vulnerability 
research disclosure on September 29, 2015, from 9:00 a.m. to 3:00 p.m., 
Pacific Time. Please refer to NTIA's Web site, http://www.ntia.doc.gov/other-publication/2015/multistakeholder-process-cybersecurity-vulnerabilities, for the most current information.
    Place: The meeting will be held in the Boardroom in the Booth 
Auditorium at the University of California, Berkeley, School of Law, 
Boalt Hall, Bancroft Way and Piedmont Avenue, Berkeley, CA 94720-7200. 
The location of the meeting is subject to change. Please refer to 
NTIA's Web site, http://www.ntia.doc.gov/other-publication/2015/multistakeholder-process-cybersecurity-vulnerabilities, for the most 
current information.
    Other Information: The meeting is open to the public and the press 
on a first-come, first-served basis. Space is limited. To assist the 
agency in determining space and webcast technology requirements, NTIA 
requests that interested persons pre-register for the meeting at http://www.ntia.doc.gov/other-publication/2015/multistakeholder-process-cybersecurity-vulnerabilities.
    The meeting is physically accessible to people with disabilities. 
Requests for sign language interpretation or other auxiliary aids 
should be directed to Allan Friedman at (202) 482-4281 or 
afriedman@ntia.doc.gov at least seven (7) business days prior to each 
meeting. The meetings will also be webcast. Requests for real-time 
captioning of the webcast or other auxiliary aids should be directed to 
Allan Friedman at (202) 482-4281 or afriedman@ntia.doc.gov at least 
seven (7) business days prior to each meeting. There will be an 
opportunity for stakeholders viewing the webcast to participate 
remotely in the meetings through a moderated conference bridge, 
including polling functionality. Access details for the meetings are 
subject to change.
    Please refer to NTIA's Web site, http://www.ntia.doc.gov/other-publication/2015/multistakeholder-process-cybersecurity-vulnerabilities, for the most current information.

    Dated: August 26, 2015.
Kathy D. Smith,
Chief Counsel, National Telecommunications and Information 
Administration.
[FR Doc. 2015-21500 Filed 8-28-15; 8:45 am]
BILLING CODE 3510-60-P



                                              52454                        Federal Register / Vol. 80, No. 168 / Monday, August 31, 2015 / Notices

                                                Dated: August 25, 2015.                               organizations and consumers.’’ 1 This                 created software there have been
                                              Julia Harrison,                                         Request built on earlier work from the                software ‘‘bugs.’’ 7 Many of these bugs
                                              Chief, Permits and Conservation Division,               Department, including the 2011 Green                  can introduce vulnerabilities, leaving
                                              Office of Protected Resources, National                 Paper Cybersecurity, Innovation, and                  the users of the systems and software at
                                              Marine Fisheries Service.                               the Internet Economy,2 as well as                     risk. The nature of these risks vary, and
                                              [FR Doc. 2015–21390 Filed 8–28–15; 8:45 am]             comments the Department had received                  mitigating these risks requires various
                                              BILLING CODE 3510–22–P                                  on related issues.3                                   efforts from the developers and owners
                                                                                                        The IPTF asked for suggestions of                   of these systems. Security researchers of
                                                                                                      security challenges that an NTIA-
                                                                                                                                                            all varieties, including academics,
                                              DEPARTMENT OF COMMERCE                                  convened multistakeholder group could
                                                                                                                                                            professionals, and those who simply
                                                                                                      address, and offered a dozen potential
                                              National Telecommunications and                                                                               enjoy thinking about security may
                                                                                                      topics for explicit feedback.4 We
                                              Information Administration                              received 35 comments from a range of                  identify these bugs for a number of
                                                                                                      stakeholders, including trade                         reasons, and in a wide range of contexts.
                                              Multistakeholder Process To Promote                     associations, large companies,                        How researchers should handle these
                                              Collaboration on Vulnerability                          cybersecurity startups, civil society                 vulnerabilities, and how vendors should
                                              Research Disclosure                                     organizations and independent                         work with researchers has been the
                                                                                                      computer security experts.5 The                       matter of active debate for many years,
                                              AGENCY:  National Telecommunications                                                                          since before the turn of the
                                                                                                      comments highlight a range of issues
                                              and Information Administration,                                                                               millennium.8 Several points have been
                                                                                                      that might be addressed through the
                                              Commerce.                                                                                                     actively debated. Researchers have
                                                                                                      multistakeholder process and suggest
                                              ACTION:   Notice of open meeting.                       various ways in which the group’s work                expressed concerns that vendors do not
                                                                                                      could be structured.                                  respond in a timely fashion, leaving
                                              SUMMARY:    The National                                  Of the topics suggested, the challenge              users at risk. Vendors worry about the
                                              Telecommunications and Information                      of collaboration between security                     time, expense, and added complexity of
                                              Administration (NTIA) will convene                      researchers and system and software                   addressing every vulnerability, as well
                                              meetings of a multistakeholder process                  vendors stands out as a critical issue                as the risks introduced by potentially
                                              concerning the collaboration between                    where reaching some consensus on                      disclosing vulnerabilities before they
                                              security researchers and software and                   shared goals, principles, and practices is            can be patched or mitigated. Given that
                                              system developers and owners to                         both feasible and necessary. On July 9,               all good faith actors care about security,
                                              address security vulnerability                          2015, after reviewing the comments,                   there is room to find common ground.
                                              disclosure. This Notice announces the                   NTIA announced that the first issue to
                                              first meeting, which is scheduled for                   be addressed would be ‘‘collaboration                    The goal of this process is neither to
                                              September 29, 2015.                                     on vulnerability research disclosure.’’ 6             replicate past discussions nor duplicate
                                                                                                      While this is not the first discussion on             existing initiatives. As information
                                              DATES: The meeting will be held on
                                                                                                      the topic, stakeholders have presented                security is gaining more attention in the
                                              September 29, 2015, from 9:00 a.m. to
                                                                                                      the case that the time is right to make               collective consciousness due to a series
                                              3:00 p.m., Pacific Time. See
                                              SUPPLEMENTARY INFORMATION for details.                  further progress among ecosystem                      of high profile cybersecurity incidents
                                                                                                      players by achieving consensus and a                  and disclosed vulnerabilities, more
                                              ADDRESSES: The meeting will be held in                  commitment to baseline principles and                 firms and organizations are considering
                                              the Booth Auditorium at the University                  accepted practices.                                   how to engage with third party
                                              of California, Berkeley, School of Law,                   This issue is commonly referred to as               researchers, just as they are exploring
                                              Boalt Hall, Bancroft Way and Piedmont                   the question of ‘‘vulnerability                       other security tools and processes. The
                                              Avenue, Berkeley, CA 94720–7200.                        disclosure.’’ For as long as humans have              security community itself has worked to
                                              FOR FURTHER INFORMATION CONTACT:                                                                              promote better collaboration. More
                                                                                                         1 U.S. Department of Commerce, Internet Policy
                                              Allan Friedman, National                                                                                      software vendors and system owners are
                                                                                                      Task Force, Request for Public Comment,
                                              Telecommunications and Information                      Stakeholder Engagement on Cybersecurity in the        offering ‘‘bug bounty’’ programs that
                                              Administration, U.S. Department of                      Digital Ecosystem, 80 FR 14360, Docket No.            reward researchers for sharing
                                              Commerce, 1401 Constitution Avenue                      150312253–5253–01 (Mar. 19, 2015), available at:      vulnerability information. In addition to
                                              NW., Room 4725, Washington, DC                          http://www.ntia.doc.gov/files/ntia/publications/
                                                                                                      cybersecurity_rfc_03192015.pdf.                       enterprises that buy vulnerabilities and
                                              20230; telephone (202) 482–4281; email;                    2 U.S. Department of Commerce, Internet Policy     sell them to vendors, new business
                                              afriedman@ntia.doc.gov. Please direct                   Task Force, Cybersecurity, Innovation, and the        models have emerged to help
                                              media inquiries to NTIA’s Office of                     Internet Economy (June 2011) (Green Paper),           organizations develop and manage bug
                                              Public Affairs, (202) 482–7002; email                   available at: http://www.nist.gov/itl/upload/
                                                                                                                                                            bounty programs. Leading experts at the
                                              press@ntia.doc.gov.                                     Cybersecurity_Green-Paper_FinalVersion.pdf.
                                                                                                         3 See Comments Received in Response to Federal     International Standards Organization
                                              SUPPLEMENTARY INFORMATION:                              Register Notice Developing a Framework for            have developed, and are continuing to
                                                 Background: On March 19, 2015, the                   Improving Critical Infrastructure Cybersecurity,      revise, a formal standard for vendors on
                                                                                                      Docket No. 140721609–4609–01, available at:
                                              National Telecommunications and                         http://csrc.nist.gov/cyberframework/rfi_comments_     how to manage incoming vulnerability
                                              Information Administration, working                     10_2014.html.
                                              with the Department of Commerce’s                          4 Request for Public Comment, supra note 1.           7 See, e.g., Peter Wayner, Smithsonian Honors the

                                              Internet Policy Task Force (IPTF),                         5 NTIA has posted the public comments received     Original Bug in the System, N.Y. Times (Dec. 7,
                                              issued a Request for Comment to                         at http://www.ntia.doc.gov/federal-register-notice/   1997), available at: http://www.nytimes.com/
tkelley on DSK3SPTVN1PROD with NOTICES




                                                                                                      2015/comments-stakeholder-engagement-                 library/cyber/week/120497bug.html.
                                              ‘‘identify substantive cybersecurity                    cybersecurity-digital-ecosystem.                         8 For a bibliography of research, proposed
                                              issues that affect the digital ecosystem                   6 NTIA, Enhancing the Digital Economy Through      standards, online discussions and other resources,
                                              and digital economic growth where                       Collaboration on Vulnerability Research Disclosure    see University of Oulu Secure Programming Group,
                                              broad consensus, coordinated action,                    (July 9, 2015), available at: http://                 Juhani Eronen & Ari Takanen eds., Vulnerability
                                                                                                      www.ntia.doc.gov/blog/2015/enhancing-digital-         Disclosure Publications and Discussion Tracking,
                                              and the development of best practices                   economy-through-collaboration-vulnerability-          available at: https://www.ee.oulu.fi/research/ouspg/
                                              could substantially improve security for                research-disclosure.                                  Disclosure_tracking (last visited Aug. 20, 2015).




information.9 NTIA’s process is meant to complement these ongoing developments, as well as existing standards and practices developed by other organizations, by bringing together all relevant stakeholders to find consensus on the overarching goals and principles for successful sharing and handling of vulnerability information. By coming together at this critical juncture, stakeholders can expand norms and expectations for the adoption, adaptation, and innovation of practices and standards.

The goal of this process will be to develop a broad, shared understanding of the overlapping interests between security researchers and the vendors and owners of products discovered to be vulnerable, and establish a consensus about voluntary principles to promote better collaboration. The question of how vulnerabilities can and should be disclosed will be a critical part of the discussion, as will how vendors receive and respond to this information. However, disclosure is only one aspect of successful collaboration. One goal of the overall NTIA process is to promote a digital economy that more strongly emphasizes security and develops community-driven or market-based forces to better and more rapidly secure the digital ecosystem.

Stakeholders will determine the exact nature of the outcome of this process. Since it is unlikely that a one-size-fits-all solution will be feasible in this dynamic space, stakeholders will need to determine how to scope and organize the work through sub-groups or other means. Success of the process will be evaluated by the extent to which stakeholders embrace and implement the consensus findings within their individual practices or organizations. Although the stakeholders determine the outcome of the process, it is important to note that the process will not result in a regulatory policy or new law, nor focus on law enforcement or other non-commercial government use of vulnerability data.

Matters To Be Considered: The September 29, 2015, meeting will be the first in a series of NTIA-convened multistakeholder discussions concerning collaboration on vulnerability disclosure. Subsequent meetings will follow on a schedule determined by those participating in the first meeting. Stakeholders will engage in an open, transparent, consensus-driven process to develop voluntary principles guiding the collaboration between vendors and researchers about vulnerability information. The multistakeholder process will involve hearing and understanding the perspectives of diverse stakeholders, from a wide range of both vendors and researchers, while seeking a consensus that enables collaboration for a more secure digital ecosystem.

The September 29, 2015, meeting is intended to bring stakeholders together to begin to share the range of views on how vulnerability information is shared by researchers, how it is received and used by vendors, and to establish more concrete goals and structure of the process. The objectives of this first meeting are to: (1) Briefly share different perspectives on how vulnerability information is shared, received, and resolved; (2) briefly review perceived challenges in successful collaborations; (3) engage stakeholders in a discussion of high-priority substantive issues stakeholders believe should be addressed; (4) engage stakeholders in a discussion of logistical issues, including internal structures such as a small drafting committee or various working groups, and the location and frequency of future meetings; and (5) identify concrete goals and stakeholder work following the first meeting.

The main objective of further meetings will be to encourage and facilitate continued discussion among stakeholders to build consensus around the principles guiding successful collaboration. This discussion may include circulation of stakeholder-developed straw-man drafts and discussion of the appropriate scope of the initiative. Stakeholders may also agree on procedural work plans for the group, including additional meetings or modified logistics for future meetings. NTIA suggests that stakeholders consider setting clear deadlines for a working draft, and consider a phase for external review of this draft, before reconvening to take account of external feedback.

More information about stakeholders’ work will be available at: http://www.ntia.doc.gov/other-publication/2015/multistakeholder-process-cybersecurity-vulnerabilities.

Time and Date: NTIA will convene the first meeting of the multistakeholder process to promote collaboration on vulnerability research disclosure on September 29, 2015, from 9:00 a.m. to 3:00 p.m., Pacific Time. Please refer to NTIA’s Web site, http://www.ntia.doc.gov/other-publication/2015/multistakeholder-process-cybersecurity-vulnerabilities, for the most current information.

Place: The meeting will be held in the Boardroom in the Booth Auditorium at the University of California, Berkeley, School of Law, Boalt Hall, Bancroft Way and Piedmont Avenue, Berkeley, CA 94720–7200. The location of the meeting is subject to change. Please refer to NTIA’s Web site, http://www.ntia.doc.gov/other-publication/2015/multistakeholder-process-cybersecurity-vulnerabilities, for the most current information.

Other Information: The meeting is open to the public and the press on a first-come, first-served basis. Space is limited. To assist the agency in determining space and webcast technology requirements, NTIA requests that interested persons pre-register for the meeting at http://www.ntia.doc.gov/other-publication/2015/multistakeholder-process-cybersecurity-vulnerabilities.

The meeting is physically accessible to people with disabilities. Requests for sign language interpretation or other auxiliary aids should be directed to Allan Friedman at (202) 482–4281 or afriedman@ntia.doc.gov at least seven (7) business days prior to each meeting. The meetings will also be webcast. Requests for real-time captioning of the webcast or other auxiliary aids should be directed to Allan Friedman at (202) 482–4281 or afriedman@ntia.doc.gov at least seven (7) business days prior to each meeting. There will be an opportunity for stakeholders viewing the webcast to participate remotely in the meetings through a moderated conference bridge, including polling functionality. Access details for the meetings are subject to change.

Please refer to NTIA’s Web site, http://www.ntia.doc.gov/other-publication/2015/multistakeholder-process-cybersecurity-vulnerabilities, for the most current information.

Dated: August 26, 2015.
Kathy D. Smith,
Chief Counsel, National Telecommunications and Information Administration.
[FR Doc. 2015–21500 Filed 8–28–15; 8:45 am]
BILLING CODE 3510–60–P

9 ISO Standard 29147, Vulnerability Disclosure Overview (2014), available at: http://www.iso.org/iso/catalogue_detail.htm?csnumber=45170.





Document Created: 2018-02-23 11:04:11
Document Modified: 2018-02-23 11:04:11
Category: Regulatory Information
Collection: Federal Register
sudoc Class: AE 2.7:
GS 4.107:
AE 2.106:
Publisher: Office of the Federal Register, National Archives and Records Administration
Section: Notices
Action: Notice of open meeting.
Dates: The meeting will be held on September 29, 2015, from 9:00 a.m. to 3:00 p.m., Pacific Time. See SUPPLEMENTARY INFORMATION for details.
Contact: Allan Friedman, National Telecommunications and Information Administration, U.S. Department of Commerce, 1401 Constitution Avenue NW., Room 4725, Washington, DC 20230; telephone (202) 482-4281; email [email protected]. Please direct media inquiries to NTIA's Office of Public Affairs, (202) 482-7002; email [email protected]
FR Citation: 80 FR 52454
