The report comes as White House cybersecurity czar Rob Joyce says he is reviewing the Vulnerability Equities Process — the policy structure that decides whether zero days found by U.S. agencies should be disclosed to the manufacturer.

The Trump administration has concerns about a proposed reform of the policy process the U.S. government uses when deciding how to handle newly discovered software vulnerabilities known as zero days, said White House Cybersecurity Coordinator Rob Joyce.

Op-Ed: The leak of NSA exploits is not the worst that could happen — and trying to reform the policy process the U.S. government uses to decide which vulnerabilities to reveal and patch will not make things better.

Storm clouds are rising over the U.S. government's policy on software flaw disclosure after the massive WannaCry infection spread using a cyberweapon developed by the NSA, and even former agency leaders say it might be time to take a fresh look at the Vulnerability Equities Process.

A new bipartisan bill aims to add transparency to the Vulnerabilities Equities Process.

A new study from the RAND Corp. upends much of the conventional wisdom on zero day vulnerability disclosure — they are rarely discovered independently, which makes hoarding them more effective.