EFF Questions US Government's Software Flaw Disclosure Policy 18
angry tapir writes: It's not clear if the U.S. government is living up to its promise to disclose serious software flaws to technology companies, a policy it put in place five years ago, according to the Electronic Frontier Foundation. They write, "ODNI has now finished releasing documents in response to our suit, and the results are surprisingly meager. Among the handful of heavily redacted documents is a one-page list of VEP 'Highlights' from 2010. It briefly describes the history of the interagency working group that led to the development of the VEP and notes that the VEP established an office called the 'Executive Secretariat' within the NSA. The only other highlight left unredacted explains that the VEP 'creates a process for notification, decision-making, and appeals.' And that's it. This document, which is almost five years old, is the most recent one released. So where are the documents supporting the 'reinvigorated' VEP 2.0 described by the White House in 2014?"
Duh Stuxnet! (Score:1)
They did disclose it, they disclosed it right across their PCs with Stuxnet! Duh!
http://www.theregister.co.uk/2013/07/08/snowden_us_israel_stuxnet/
They also told Belgacom about their Quantum Insertion bug by 'advertising it' on Slashdot where their network admins visit! How much more disclosed can they get than to advertise it.
http://www.ibtimes.com/edward-snowden-reveals-quantum-insert-nsa-gchq-used-fake-linkedin-slashdot-pages-install-spyware
I mean seriously, do you doubt that the NSA would learn about ze
EFF IT UP SOME MORE! (Score:1)
Right on!
Re: (Score:2)
Wrong. No matter what, a Republican or a Democrat will be elected. The difference between the GOP and DNC on mass surveillance is exactly 0.
Yes, I'll vote 3d party, but I know the score.
Re:No flaws in the Obama care web sites! (Score:4, Funny)
No new policy (Score:2, Informative)
The summary states:
"...This document, which is almost five years old, is the most recent one released. So where are the documents supporting the 'reinvigorated' VEP 2.0 described by the White House in 2014?"" [whitehouse.gov]
The phrase "reinvigorated" appears in the link cited in this sentence:
This spring, we re-invigorated our efforts to implement existing policy with respect to disclosing vulnerabilities
(emphasis mine)
So, the summary is misleading: the White House did not announce a new policy; the link clearly and unambi
Transparency (Score:1)
Re: (Score:2)
See also:
https://www.eff.org/deeplinks/... [eff.org]
http://news.antiwar.com/2013/0... [antiwar.com]
https://www.propublica.org/spe... [propublica.org]