EFF Questions US Government's Software Flaw Disclosure Policy 18

Posted by Soulskill on Tuesday March 31, 2015 @07:12AM from the we'll-do-that-at-least-once-in-the-past-decade dept.

angry tapir writes: It's not clear if the U.S. government is living up to its promise to disclose serious software flaws to technology companies, a policy it put in place five years ago, according to the Electronic Frontier Foundation. They write, "ODNI has now finished releasing documents in response to our suit, and the results are surprisingly meager. Among the handful of heavily redacted documents is a one-page list of VEP 'Highlights' from 2010. It briefly describes the history of the interagency working group that led to the development of the VEP and notes that the VEP established an office called the 'Executive Secretariat' within the NSA. The only other highlight left unredacted explains that the VEP 'creates a process for notification, decision-making, and appeals.' And that's it. This document, which is almost five years old, is the most recent one released. So where are the documents supporting the 'reinvigorated' VEP 2.0 described by the White House in 2014?"

EFF Questions US Government's Software Flaw Disclosure Policy

This discussion has been archived. No new comments can be posted.

Load All Comments

Search 18 Comments Log In/Create an Account

Comments Filter:

Duh Stuxnet! (Score:1)

by Anonymous Coward writes:

They did disclose it, they disclosed it right across their PCs with Stuxnet! Duh!
http://www.theregister.co.uk/2013/07/08/snowden_us_israel_stuxnet/
They also told Belgacom about their Quantum Insertion bug by 'advertising it' on Slashdot where their network admins visit! How much more disclosed can they get than to advertise it.
http://www.ibtimes.com/edward-snowden-reveals-quantum-insert-nsa-gchq-used-fake-linkedin-slashdot-pages-install-spyware
I mean seriously, do you doubt that the NSA would learn about ze
EFF IT UP SOME MORE! (Score:1)

by Anonymous Coward writes:

Right on!
- - Re: (Score:2)
    
    by anagama ( 611277 ) writes:
    
    Wrong. No matter what, a Republican or a Democrat will be elected. The difference between the GOP and DNC on mass surveillance is exactly 0.
    Yes, I'll vote 3d party, but I know the score.
- Re:No flaws in the Obama care web sites! (Score:4, Funny)
  
  by Bonzoli ( 932939 ) writes: on Tuesday March 31, 2015 @07:52AM (#49378409)
  
  Nothing to s[REDACTED].
  
No new policy (Score:2, Informative)

by Anonymous Coward writes:

The summary states:
"...This document, which is almost five years old, is the most recent one released. So where are the documents supporting the 'reinvigorated' VEP 2.0 described by the White House in 2014?"" [whitehouse.gov]
The phrase "reinvigorated" appears in the link cited in this sentence:
This spring, we re-invigorated our efforts to implement existing policy with respect to disclosing vulnerabilities
(emphasis mine)
So, the summary is misleading: the White House did not announce a new policy; the link clearly and unambi
Transparency (Score:1)

by operagost ( 62405 ) writes:

Don't question the most transparent administration in history [thehill.com].
- Re: (Score:2)
  
  by anagama ( 611277 ) writes:
  
  See also:
  https://www.eff.org/deeplinks/... [eff.org]
  http://news.antiwar.com/2013/0... [antiwar.com]
  https://www.propublica.org/spe... [propublica.org]

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

EFF Questions US Government's Software Flaw Disclosure Policy 18

EFF Questions US Government's Software Flaw Disclosure Policy More Login

EFF Questions US Government's Software Flaw Disclosure Policy

Duh Stuxnet! (Score:1)

EFF IT UP SOME MORE! (Score:1)

Re: (Score:2)

Re:No flaws in the Obama care web sites! (Score:4, Funny)

No new policy (Score:2, Informative)

Transparency (Score:1)

Re: (Score:2)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot