Ukrainian Law Blog
Freedom means the supremacy of human rights everywhere
Monday, November 27, 2017
Cybersecurity: What to Know About the 'Vulnerabilities Equities Process'
SAN FRANCISCO — They may not realize it, but any company hit by the WannaCry ransomware attack over the past several months was impacted firsthand by a secretive U.S. government policy mechanism known as the VEP.
Short for the “Vulnerabilities Equities Process,” the VEP is the procedure through which the government decides whether to hang on to knowledge of computer security flaws for offensive uses (i.e., hacking), or disclose them to ensure they get patched. In the case of WannaCry,
news reports
and comments by
Microsoft’s chief legal officer
indicated that the NSA knew about the vulnerability at the root of the worm, but only told Microsoft after losing control of it.
No comments:
Post a Comment
Newer Post
Older Post
Home
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment