EPIC.org has an interesting post on their blog that I hadn't seen before on the Vulnerabilities Equities Process
It's particularly timely with the recent "Wannacry" ransomware that appeared to use government leaked code that may not have been reported to the Microsoft
Question from the VEP - Is it the job of the intelligence community to find and report bugs? Are the bug hunters at the IC that much better at programming than Microsoft? Maybe the IC should share their bug hunting techniques? How about people not buying buggy software?
Friday Squid Blogging: New Squid Species Discovered
17 hours ago
No comments:
Post a Comment