Insights & Research


Hacking Policy Council Comments to New York State Department of Health on Proposed Hospital Cybersecurity Requirements

The Hacking Policy Council (“HPC”) submits the following comments in response to the New York Department of Health’s proposed addition to Section 405.46 to Title 10 NYCRR (“Hospital Cybersecurity Requirements).

Vulnerability Management Under The Cyber Resilience Act

Companies should begin preparing now for the EU’s Cyber Resilience Act, a significant development in product security regulation and will apply to software and connected device manufacturers in and outside EU borders.

Cybersecurity Predictions for 2024

The Center for Cybersecurity Policy & Law staff offer their predictions on what's to come in 2024 and the season finale of the Distilling Cyber Policy podcast offers some additional commentary on what's ahead.

Coalition Submits Comments to CISA on Software Attestation Form

The Cybersecurity Coalition submitted comments to CISA's second Request for Comment on its Secure Software Development Attestation Common Form.

Open Source Software Security Should Focus on Adoption of Memory Safe Programming Languages

The Cybersecurity Coalition’s comments in response to the Office of the National Cyber Director Request for Information on Open-Source Software Security focuses on the adoption of memory safe programming languages.

NIST CSF 2.0 Includes Positive Changes, Need for Greater Consistency, Practical Guidance

The Cybersecurity Coalition submitted broadly supportive comments in response to the National Institute for Standards and Technology Discussion Draft of the Cybersecurity Framework (CSF) 2.0 Core.

Center for Cybersecurity Policy & Law Staff are Thankful for …

The staff at the Center for Cybersecurity & Law would like to say what they are thankful for this year.

Ninth Circuit Avoids Vulnerability Disclosure Precedent, Following Amicus Brief

The Court of Appeals for the Ninth Circuit affirmed the dismissal of all claims in a case that risked setting a precedent requiring premature vulnerability disclosure, In re Intel Corp. CPU Marketing.

Extensive Artificial Intelligence Executive Order Defines Administrations Plans

The expansive artificial intelligence Executive Order signed by President Biden brings together many actions that the Administration will take over the next year to guide the U.S. government’s use and regulation of the technology.

What We Learned at Singapore International Cyber Week

Alex Botting attended Singapore International Cyber Week and has some key takeaways from the event, including some thoughts on regulatory harmonization, multi-stakeholder collaboration, and ransomware.