Posted on Feb 28, 2018
In late 2017, the U.S. government announced that the Vulnerabilities Equities Policy and Process, by which it decides whether to disclose software flaws with the potential to become cyberweapons, would be made public. The process had once been described as “opaque, fueling suspicion that it cloaked a stockpile of software flaws that the National Security Agency was hoarding to go after foreign targets but that put Americans’ cybersecurity at risk.” While the rules by which the government reaches a disclosure decision have not changed, the process is now less opaque to those outside of government.
The published process spells out the considerations weighed in each decision: threat, vulnerability, impact, and mitigation. The public can also now see that the process includes a monthly review of newly discovered vulnerabilities by the NSA, CIA, FBI, the Treasury, Commerce, and State Departments, and the Office of Management and Budget.
A few points of discussion in the now public process have been:
As the government practices transparency and discloses the vulnerabilities it discovers, the cybersecurity risk ecosystem stands to benefit, as does the public.