Vulnerabilities equities process (VEP) Archives

NSA, National Security Agency, RSA 2019 — (Scoop News Group photo)

NSA says it found new critical vulnerabilities in Microsoft Exchange Server

The news comes at a time of heightened concern over bugs in Exchange Server.

Apr 13, 2021 By Sean Lyngaas

Grant Schneider, Federal CISO, White House, National Security Council — Grant Schneider speaks Dec. 3, 2019 at the Security Transformation Summit presented by Fortinet and produced by FedScoop and StateScoop. (Scoop News Group)

Grant Schneider steps down as federal CISO, heads to private sector

A nearly three-decade career in federal IT comes to a close.

Aug 18, 2020 By Sean Lyngaas

PPD-20, NSA Exploits — A soldier displays an Army Cyber Command patch. The White House may rescind an order that dictates how offensive cyber missions are approved. (Army Cyber Command)

U.S. Cyber Command knows its weapons may one day be used by its targets

The idea that adversaries might reverse engineer NSA exploits is one that military leaders deal with every day. So what's being done to prevent it from happening?

May 14, 2019 By Shannon Vavra

intel chip flaw — (Flickr user lungstruck // CC-BY-2.0)

Senators question vulnerability disclosure process after Spectre and Meltdown stumbles

U.S. senators expressed concern that shortcomings in the industry-led process for disclosing software and hardware bugs could rear their head again.

Jul 11, 2018 By Sean Lyngaas

Trump administration picks new leader for Vulnerabilities Equities Process board

Grant Schneider has been named chair of the Vulnerability Equities Process board.

Jun 21, 2018 By Chris Bing

European Union flags sit outside the EU headquarters. (Getty)

EU needs one set of vulnerability disclosure rules, says expert task force

The fractured ecosystem is having a chilling effect on vulnerability research.

Mar 13, 2018 By Shaun Waterman

hospital technology computer security — (Getty Images)

Experts ask: Why does the VEP cut out health care agencies?

"I totally get that you have to draw the line somewhere...they are drawing it in the wrong place."

Nov 16, 2017 By Shaun Waterman

White House unveils process behind disclosing software vulnerabilities

The White House released a charter Wednesday that will give more clarity and bring more transparency to how the government disseminates information on software flaws.

Nov 15, 2017 By Greg Otto

Rob Joyce, former White House cybersecurity coordinator and now NSA director of cybersecurity, in 2017.

Trump administration will shine light on VEP with public charter

Beyond providing a quantitative baseline for the VEP, the public charter will name the full roster of interagency leaders who weigh in on the process.

Oct 4, 2017 By Chris Bing

Responsible vulnerability disclosure is becoming an international norm

More and more democracies are adopting a policy of disclosing vulnerabilities as opposed sitting on them for their own intelligence gains.

Sep 22, 2017 By Shaun Waterman