This week, the White House joined the conversation about the current state of cybersecurity when it shared its policies on alerting the public to threats and vulnerabilities.
According to David Sanger of The New York Times the discussion started when Michael Daniel, White House cybersecurity coordinator, published a post to the White House blog discussing the process for making cybersecurity flaws public knowledge. Sanger writes, “The Heartbleed incident had cast a light on a balancing test the White House has until now declined to discuss in any detail: When should the government reveal flaws that it discovers.”
The Verge’s Jacob Kastrenakes sheds light on the purpose of withholding the news from the public with this quote from Daniel: “Disclosing a vulnerability can mean that we forego an opportunity to collect crucial intelligence that could thwart a terrorist attack, stop the theft of our nation’s intellectual property, or even discover more dangerous vulnerabilities that are being used by hackers or other adversaries to exploit our networks.”
Dara Kerr of CNET comments on the government policy saying, “Several government agencies have put together a set of principles they use when deciding whether to disclose vulnerabilities. If the government does decide to keep a security flaw secret, it goes through a series of questions about why it made that decision, including the possible risk, exploitability, and reach of the bug.”
Jon Fingas of Engadget lends perspective to any critics of the NSA’s policies with an additional comment from the White House on the matter; “The White House… has a vested interest in speaking up when possible; it suffers like everyone else if critical infrastructure goes down, after all. It’s at least clear from the statements that the government doesn’t make its choices lightly.”
Is the government doing the right thing by keeping cybersecurity flaws a secret? Tell us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.