A bill has been introduced that, if passed, would put a slight check on the NSA's exploitation of software vulnerabilities:
A bill proposed in Congress on Wednesday would require the U.S. National Security Agency to inform representatives of other government agencies about security holes it finds in software like the one that allowed last week's "ransomware" attacks.
Under former President Barack Obama, the government created a similar inter-agency review, but it was not required by law and was administered by the NSA itself.
The new bill would mandate a review when a government agency discovers a security hole in a computer product and does not want to alert the manufacturer because it hopes to use the flaw to spy on rivals. It also calls for the review process to be chaired by the defense-oriented Department of Homeland Security rather than the NSA, which spends 90 percent of its budget on offensive capabilities and spying.
(Score: 2) by DannyB on Friday May 19 2017, @07:27PM
Just wait until the next major cyber attack happens.
Big Corporations will be screaming at their government servants for protecting government systems, but not protecting the systems belonging to the owners of the government. Then there will be bill to share vulnerabilities with the software developers -- hopefully including open source ones.
I happen to think it is more important to defend against ${emeny} hacking us, even if it means we have trouble hacking ${enemy}.
The lower I set my standards the more accomplishments I have.