
Tuesday, September 8, 2015

Cybersecurity

Redacted: This is how the government ‘informs’ you about critical software flaws


© Kacper Pempel
The US government has released a document describing the process it undertakes when deciding whether or not to inform the public about critical vulnerabilities it discovers in software. However, important details remain redacted.
Essentially, the document shows that an interagency review board, facilitated by an office within the National Security Agency (NSA) called the ‘Executive Secretariat’, decides whether the public will learn about software flaws that could be exploited. The entire practice is known as the ‘Vulnerabilities Equities Process’, or VEP.
Information about the process itself, however, was redacted. The government also redacted all information regarding a decision to not disclose security vulnerabilities.
