More on the Vulnerabilities Equities Process

LinuxSecurity.com: Richard Ledgett — a former Deputy Director of the NSA — argues against the US government disclosing all vulnerabilities: Proponents argue that this would allow patches to be developed, which in turn would help ensure that networks are secure. On its face, this argument might seem to make sense — but it is a gross oversimplification of the problem, one that not only would not have the desired effect but that also would be dangerous.

From: Linux Security

Share