Bill Sponsor
Senate Bill 1157
115th Congress(2017-2018)
PATCH Act of 2017
Introduced
Introduced
Introduced in Senate on May 17, 2017
Overview
Text
Introduced
May 17, 2017
Latest Action
May 17, 2017
Origin Chamber
Senate
Type
Bill
Bill
The primary form of legislative measure used to propose law. Depending on the chamber of origin, bills begin with a designation of either H.R. or S. Joint resolution is another form of legislative measure used to propose law.
Bill Number
1157
Congress
115
Policy Area
Government Operations and Politics
Government Operations and Politics
Primary focus of measure is government administration, including agency organization, contracting, facilities and property, information management and services; rulemaking and administrative law; elections and political activities; government employees and officials; Presidents; ethics and public participation; postal service. Measures concerning agency appropriations and the budget process may fall under Economics and Public Finance policy area.
Sponsorship by Party
Democrat
Hawaii
Republican
Colorado
Democrat
Minnesota
Republican
Wisconsin
Senate Votes (0)
House Votes (0)
No Senate votes have been held for this bill.
Summary

Protecting Our Ability to Counter Hacking Act of 2017 or the PATCH Act of 2017

This bill establishes the Vulnerability Equities Review Board to establish and make available to the public policies on matters relating to whether, when, how, to whom, and to what degree information about a vulnerability in a technology, product, system, service, or application that is not publicly known should be shared or released by the government to a non-federal entity. The board must submit to Congress and the President a draft of such policies, along with a description of challenges or impediments requiring legislative or administrative action.

Each federal agency shall, upon obtaining information about such a vulnerability, subject such information to a process established by the board for sharing or releasing the information. Process considerations shall include:

  • which technologies, products, systems, services, or applications are subject to the vulnerability;
  • the potential risks of leaving the vulnerability unpatched or unmitigated;
  • the likelihood that a non-federal entity will discover the vulnerability; and
  • whether the vulnerability can be patched or otherwise mitigated.

An agency may share or release such information to a non-federal entity without subjecting it to such process if the agency determines that the information is presumptively shareable or releasable.

If the board determines that such information should be shared with or released to the vendor that developed or maintains the technology, it shall provide the information to the Department of Homeland Security, which shall share or release the information as directed by the board.

Text (1)
Actions (2)
05/17/2017
Read twice and referred to the Committee on Homeland Security and Governmental Affairs.
05/17/2017
Introduced in Senate
Public Record
Record Updated
Jan 11, 2023 1:36:26 PM