The House of Representatives has passed a bill aimed at requiring federal contractors to have a risk disclosure coverage (VDP ).
The Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025 instructs the Office of Management and Budget ( OMB) to consult with CISA, the Office of the National Cyber Director, NIST, and other relevant agencies, and require federal contractors to have a VDP that is consistent with NIST rules.  ,
The act also instructs the Defense Department to demand defense companies to adopt similar laws.  ,
The goal is to make it easier for individuals and companies who find vulnerabilities in vendors ‘ techniques to properly publish them.  ,
Just days before the bill passed the House, some major security and software companies signed a urging the House and Senate to review the policy.  ,
” Companies, given the vast amount of sensitive information they handle, are prime targets for digital challenges. As a result, the act ensures all firms contracting with the federal government adhere to security best practices”, reads the letter signed by HackerOne, Bugcrowd, Microsoft, Infoblox, Rapid7, Trend Micro, Tenable and Schneider Electric.
” The bill builds upon existing laws that have encouraged the implementation of VDPs, promoting a proactive approach to security and helping protect critical techniques before they can be exploited”, it continues.  ,
Politicians have been trying to pass this act for the past two decades. It was by Representative Nancy Mace (R-SC ) in 2023, with a version introduced in 2024 by senators Mark R. Warner (D-VA ) and James Lankford (R-OK ).
The bill received approval from the House Committee on Oversight and Accountability in May 2024 and was later incorporated into the National Defense Authorization Act ( NDAA ).  ,
The policy is now in the Senate, where it has been referred to the Committee on Homeland Security and Governmental Affairs.
Related: Senate Passes Bill to Protect Kids Online and Make Tech Organizations Accountable for Harmful Content
Related: House Passes Bill Barring Sale of Personal Information to Foreign Opponents
Related: California Governor Vetoes Bill to Create First-in-Nation AI Safety Steps