Slashdot Mirror


EFF Questions US Government's Software Flaw Disclosure Policy

angry tapir writes: It's not clear if the U.S. government is living up to its promise to disclose serious software flaws to technology companies, a policy it put in place five years ago, according to the Electronic Frontier Foundation. They write, "ODNI has now finished releasing documents in response to our suit, and the results are surprisingly meager. Among the handful of heavily redacted documents is a one-page list of VEP 'Highlights' from 2010. It briefly describes the history of the interagency working group that led to the development of the VEP and notes that the VEP established an office called the 'Executive Secretariat' within the NSA. The only other highlight left unredacted explains that the VEP 'creates a process for notification, decision-making, and appeals.' And that's it. This document, which is almost five years old, is the most recent one released. So where are the documents supporting the 'reinvigorated' VEP 2.0 described by the White House in 2014?"

7 of 18 comments

  1. Duh Stuxnet! by Anonymous Coward · · Score: 1

    They did disclose it, they disclosed it right across their PCs with Stuxnet! Duh!

    http://www.theregister.co.uk/2013/07/08/snowden_us_israel_stuxnet/

    They also told Belgacom about their Quantum Insertion bug by 'advertising it' on Slashdot where their network admins visit! How much more disclosed can they get than to advertise it?

    http://www.ibtimes.com/edward-snowden-reveals-quantum-insert-nsa-gchq-used-fake-linkedin-slashdot-pages-install-spyware

    I mean seriously, do you doubt that the NSA would learn about zero day vulnerabilities by buying them from hackers ^H^H^H^ Security research companies, then not tell the companies or users??? What sort of a cynic are you?

  2. EFF IT UP SOME MORE! by Anonymous Coward · · Score: 1

    Right on!

    1. Re: EFF IT UP SOME MORE! by anagama · · Score: 1

      Wrong. No matter what, a Republican or a Democrat will be elected. The difference between the GOP and DNC on mass surveillance is exactly 0.

      Yes, I'll vote 3rd party, but I know the score.

      --
      What changed under Obama? Nothing Good
  3. Re:No flaws in the Obama care web sites! by Bonzoli · · Score: 3, Funny

    Nothing to s[REDACTED].

  4. No new policy by Anonymous Coward · · Score: 2, Informative

    The summary states:
    "...This document, which is almost five years old, is the most recent one released. So where are the documents supporting the 'reinvigorated' VEP 2.0 described by the White House in 2014?""

    The phrase "reinvigorated" appears in the link cited in this sentence:
    This spring, we re-invigorated our efforts to implement existing policy with respect to disclosing vulnerabilities

    (emphasis mine)

    So, the summary is misleading: the White House did not announce a new policy; the link clearly and unambiguously states that they are continuing "existing policy." There are no documents supporting the 'reinvigorated' VEP 2.0 because there is no "VEP 2.0"-- the blog cited states that they are continuing existing policy. In short: "ain't nothing changed."

    Read your own links, summarizers.

  5. Transparency by operagost · · Score: 1
    --

    Gamingmuseum.com: Give your 3D accelerator a rest.