The White House has a new leader of a largely secretive government group that decides whether software and hardware vulnerabilities should be withheld from the public to help the government conduct cyber operations.
Grant Schneider, the federal chief information security officer and senior director at the National Security Council, was named head of the Vulnerabilities Equities Process (VEP) board.
I hope they mean “overlook” in the sense of supervising and not in the sense of “to look upon with an evil eye”. Anyway, the article continues …
The group determines if the government should withhold so-called zero day flaws, which are previously undiscovered security bugs that have not yet been patched. The government uses the board to decide which flaws it can use to conduct surveillance — or to disclose to the public.
But, in withholding the flaws for cyber-operations, companies and citizens can be left vulnerable if the vulnerabilities are discovered by others.
For me the question comes down to who will be damaged more by the vulnerabilities. More often than not business and western liberal democracies are at greater risk, so the US government potentially damages those they are meant to protect.
What do you think?