Slashdot Mirror


NSA Uses Vulnerabilities Before It Discloses Them, Keeps Some To Itself (reuters.com)

An anonymous reader writes: The NSA, perhaps seeking to repair its reputation, has started talking about how it handles vulnerabilities in computer software. But in doing so, they've only confirmed their own questionable behavior. The agency says it discloses zero-day flaws about 91% of the time. This means, of course, that they hold back about 9% of the flaws for their own use. They also don't mention when they disclose these flaws — which is damning, given statements from several current and former government officials indicating the NSA frequently waits and takes advantage of the vulnerabilities before notifying the companies who make the compromised software. This is the NSA's argument: "[T]here are legitimate pros and cons to the decision to disclose vulnerabilities, and the trade-offs between prompt disclosure and withholding knowledge of some vulnerabilities for a limited time can have significant consequences. Disclosing a vulnerability can mean that we forgo an opportunity to collect crucial foreign intelligence that could thwart a terrorist attack, stop the theft of our nation's intellectual property, or discover even more dangerous vulnerabilities that are being used to exploit our networks."

2 of 121 comments

  1. Iran by ultranova · Score: 2, Interesting

    The NSA, perhaps seeking to repair its reputation, has started talking about how it handles vulnerabilities in computer software. But in doing so, they've only confirmed their own questionable behavior.

    Questionable perhaps, but the article also provides a pretty good answer by mentioning Stuxnet, which was used to halt Iran's enrichment of uranium. Surely being able to stop what's at best an oppressive theocracy from obtaining nuclear weapons with no casualties or collateral damage has some value?

    --

    Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

  2. Re:Biased summary by Anonymous Coward · Score: 5, Interesting

    i don't agree that we should be funding an agency to spy on our own citizens and undermine
    our digital security.

    so if you agree that that's part of the role of government, for the children, then sure, nothing wrong
    with what the NSA is doing

    however, a lot of us disagree, and furthermore, we never had an opportunity to express our
    opinion as to whether or not we wanted to live in a police state.

    so this is us weakly trying to say no. try to pretend we have a right to our opinion so your
    mind doesn't collapse from all the cognitive dissonance from supporting a 'police state democracy'