The "Equities Process" governs how to handle publicizing security issues. Normally, flaws and vulnerabilities are not announced until after they are fixed. The government will only withhold a bug if there was an “overriding intelligence reason,” and will require sign off from a high-level official.
Estimated reading time: 0 minutes, 23 seconds
U.K. Agency Ups Transparency Protocols to Combat Threats
The National Cyber Security Centre in the U.K. announced a new public disclosure process with respect to “potentially sensitive software flaws.” So reports NBC News.
Latest from Kurt Martin
- Hotel Booking Firm Sabre to Pay $2.4M in Breach Settlement
- U.S. Cyber Command Works to Disrupt Trickbot Botnet
- Cyber Pro Who Stopped 'WannaCry' Attack Admits to Malware
- State-sponsored Attacks to Grow in Intensity, Frequency: Report
- Think Tank, National Cybersecurity Center Partner to Grow 'Capture the Flag' Competition