NSA Admits to Keeping Some Heartbleed-like Bugs Secret

Share it:
NSA building is so big not because of its size, but its because it have tonnes of the secret, but then also agency never admits the truth even one percent of it.  On this, White House have disclose the way about how NSA works and how it deals with the security  bug  such as Heartbleed.

Hope you all  remember that a weeks ago NSA have denied to knew about the Heartbleed vulnerability before its being exposed public. And the leaks of the Edward Snowden reveals that finding bugs of this size is one of the agency’s main jobs, especially given the widespread use of the affected OpenSSL versions.

Since the Heartbleed vulnerability had been around for two years, it is not believe that agency have not took the advantage of the vulnerability.

Michael Daniel, White House cybersecurity coordinator says in statement,
“Building up a huge stockpile of undisclosed vulnerabilities while leaving the Internet vulnerable and the American people unprotected would not be in our national security interest. But that is not the same as arguing that we should completely forgo this tool as a way to conduct intelligence collection, and better protect our country in the long-run. Weighing these tradeoffs is not easy, and so we have established principles to guide agency decision-making in this area,”

The decision to share more information about how the agency works came after Heartbleed was exposed, actually. The agency said that it considered several things before deciding on whether to share the information it had on bugs and more specifically how the White House decided which vulnerabilities were withheld from the public.

Initially, the agency analyze the severity of the bug and makes the reports of the affected system by the vulnerability. After that they finds what the effect if the vulnerability patched or unpatched. 
Other thing is whether or not the agency can exploit the bug for a short period before disclosing it and whether anyone else is likely to spill the beans before them. “How likely is it that we would know if someone else was exploiting it? How badly do we need the intelligence we think we can get from exploiting the vulnerability? Are there other ways we can get it?” Daniel Wrotes.

“Too little transparency and citizens can lose faith in their government and institutions, while exposing too much can make it impossible to collect the intelligence we need to protect the nation. We weigh these considerations through a deliberate process that is biased toward responsibly disclosing the vulnerability, and by sharing this list we want everyone to understand what is at stake,” Daniel wrote.

Share it:

Edward Snowden

Heart Bleed

NSA

Post A Comment:

0 comments:

Follow by Email