Vulnerability Management

Multiple factors influence gov’t decision to disclose vulnerabilities

The government has an established protocol to determine when to disclose a vulnerability to the public, and while it is in the national interest to do so, there are times that disclosure would result in forgoing "an opportunity to collect crucial intelligence that could thwart a terrorist attack, stop the theft of our nation's intellectual property, or even discover more dangerous vulnerabilities,” according to a White House blog post by Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator.

Responding to concerns that the NSA knew of the Heartbleed bug long before it was revealed, and could have exploited it, Daniel wrote that “a disciplined, rigorous and high-level” interagency decision-making process is used to gauge whether a vulnerability affects core internet infrastructure, to determine the risk it imposes and gauge whether the intelligence is valuable enough to justify exploiting it.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.