Saturday September 05, 2015

US Government Releases Document Describing How It Handles 0-Day Vulnerabilities

It’s heavily redacted, but the EFF has acquired yet another document that unveils a little more about how the government manages 0-days. From what I understand, the "VEP" (Vulnerabilities Equities Process) is the process in which the NSA decides whether or not to reveal exploitable software flaws, with the concern being that exploits could be used beyond foreign targets and criminal suspects.