White House Policy on Vulnerabilities Used for Cyber ​​War

[ad_1]

The limit between "zero-day" operating reports that can pose a great risk to the public and create a large advantage for offensive cyber attacks is extremely thin. While more and more devices are connected to the Internet and offer additional opportunities for attacks, there is no clear answer as to how malicious organizations are stopped by the government .

Following an official press release from the White House's Cybersecurity Coordinator, Rob Joyce, the United States revealed that "there can be no" massive stockpiles "Exploits that only ask to be used. Instead, known exploits are subject to the Vulnerabilities Equities Process (VEP). The VEP determines whether the risk is worth keeping a known private vulnerability or making it public.

The decision to keep security issues confidential can have a huge impact. Losing holes in applications and networks can lead to the rapid spread of malware or data theft if another group discovers the flaw. Worse still for military operations, private security researchers may find flaws and publish them publicly before patches are released. This can leave cyber operations in a difficult situation without any way to continue an ongoing mission and no guarantee of not being detected.

According to Joyce, custody of private exploits and previously unknown vulnerabilities should be done as carefully as physical military weapons. It is thought that many countries maintain most private vulnerabilities in an effort to expand offensive capabilities at the expense of a weaker defensive stance.

"Although I do not know it

related reading

[ad_2]

Source link