Government hoarding of software vulnerabilities needs more transparency, tech firms say

Several major technology companies are calling for increased transparency from the U.S. government after WikiLeaks published CIA documents showing that the spy agency knew of vulnerabilities in software products but did not disclose them. “We need to look at this like what is the probability that something will be found by other adversaries. There are many elements that need to go into that decision, and being transparent on what the criteria is” will help the government be more open while protecting classified material, said Intel Security’s Chief Technology Officer Steve Grobman during a hearing Wednesday by the Senate Committee on Commerce, Science, and Transportation. “I think the key thing is transparency,” Grobman said, referring to the vulnerabilities equities process, or VEP. The VEP is a secretive framework that essentially guides when and if a federal agency will notify an organization of a known software flaw that was discovered by the U.S. government. Because […]

The post Government hoarding of software vulnerabilities needs more transparency, tech firms say appeared first on Cyberscoop.