New White House ‘charter’ details process for disclosing software vulnerabilities discovered by government

The White House today released an unclassified, revised federal policy for publicly disclosing cyber vulnerabilities discovered by federal agencies, detailing how the administration weighs defensive cyber concerns and the potential use of those exploits by law enforcement and intelligence agencies in determining whether and when to disclose information.

The updated Vulnerability Equities Process charter announced by White House cybersecurity coordinator Rob Joyce this morning lays out considerations about the potential impact of not disclosing cyber vulnerabilities, the potential...