Posted on Feb 28, 2018
In late 2017, the government announced that the Vulnerabilities Equities Policy and Process, by which it decides to disclose software flaws with the potential of turning into cyberweapons, would be made public. The process had once been described as “opaque, fueling suspicion that it cloaked a stockpile of software flaws that the National Security Agency was hoarding to go after foreign targets but that put Americans’ cybersecurity at risk.” While the rules by which the government comes to a decision on disclosing the information have not changed, the process is now less opaque to those outside of the government.
The process details considerations of threat, vulnerability, impact, and mitigation. Additionally, the public is able to see that part of the process includes a monthly review of newly discovered vulnerabilities by the NSA, CIA, FBI, Treasury, Commerce, and State Departments, as well as the Office of Management and Budget.
A few points of discussion in the now public process have been:
As the government practices transparency and discloses vulnerabilities it discovers, the cybersecurity risk ecosystem stands to benefit, as does the public.