The US National Security Agency (NSA) will not always disclose security vulnerabilities, such as Heartbleed, and said it assesses each case individually, according to a blog post on the White House website.
"Disclosing a vulnerability can mean that we forego an opportunity to collect crucial intelligence that could thwart a terrorist attack, stop the theft of our nation's intellectual property, or even discover more dangerous vulnerabilities that are being used by hackers or other adversaries to exploit our networks," government cyber security co-ordinator Michael Daniel explained. "We have also established a disciplined, rigorous and high-level decision-making process for vulnerability disclosure. This inter-agency process helps ensure that all of the pros and cons are properly considered and weighed."
The article continues with a list of factors used to assess disclosure:
Assuming these are the only factors they use, how reasonable do you think they are? What, if anything, would you change and why?
(Score: 5, Insightful) by Angry Jesus on Thursday May 01 2014, @10:47PM
Does anyone have a list of vulnerabilities that the NSA has disclosed before anyone else?
Of course I expect the list to be tiny... So small that I couldn't easily find it in Google.