Tags Vulnerabilities equities process

Study: Zero days rediscovered much faster

by Shaun Waterman • 3 months ago

The report comes as White House cybersecurity czar Rob Joyce says he is reviewing the Vulnerability Equities Process — the policy structure that decides whether zero days found by U.S. agencies should be disclosed to the manufacturer.

Bill to reform NSA hacking policy has skeptics in White House

by Shaun Waterman • 5 months ago

The Trump administration has concerns about a proposed reform of the policy process the U.S. government uses when deciding how to handle newly discovered software vulnerabilities known as zero days, said White House Cybersecurity Coordinator Rob Joyce.

Why reforming the Vulnerability Equities Process would be a disaster

by Dave Aitel • 5 months ago

Op-Ed: The leak of NSA exploits is not the worst that could happen — and trying to reform the policy process the U.S. government uses to decide which vulnerabilities to reveal and patch will not make things better.

Should the government stockpile zero day software vulnerabilities?

by Shaun Waterman • 5 months ago

Storm clouds are rising over the U.S. government's policy on software flaw disclosure after the massive WannaCry infection spread using a cyberweapon developed by the NSA, and even former agency leaders say it might be time to take a fresh look at the Vulnerability Equities Process.

Lawmakers introduce bill to shine spotlight on government hacking stockpile

by Chris Bing • 5 months ago

A new bipartisan bill aims to add transparency to the Vulnerabilities Equities Process.

Zero day study: Hoarding exploits less harmful than generally thought

by Shaun Waterman • 7 months ago

A new study from the RAND Corp. upends much of the conventional wisdom on zero day vulnerability disclosure — they are rarely discovered independently, which makes hoarding them more effective.

Continue to CyberScoop.com