White House releases rules on reporting cybersecurity flaws
After a hacker stole cyber tools from an NSA “stockpile” to carry out the WannaCry cyberattack, the White House is now revealing how and when the government decides to disclose vulnerabilities or keep them secret.
On Wednesday, the White House published a charter that details the Vulnerabilities Equities Process (VEP), which was established under former President Barack Obama to determine whether disclosing a vulnerability was in the government’s best interest.
The revised rules say that in the “vast majority of cases,” disclosing a vulnerability is “clearly in the national interest.”However, the White House said that the government can use the previously unknown vulnerabilities to support military, intelligence, and law enforcement activities.
“Often taking a considered risk to restrict knowledge of a vulnerability is the only way to discover significant intrusions that are compromising security and privacy,” the White House said.
No comments:
Post a Comment