Latest in VEP

Cybersecurity

Developing an Objective, Repeatable Scoring System for a Vulnerability Equities Process

The public release of the Vulnerability Equities Process (VEP) charter by the White House in late 2017 went a long way toward satisfying the public’s curiosity about the secretive, high-profile and contentious process by which the U.S. government decides whether to temporarily withhold or publicly disclose zero-day software vulnerabilities—that is, vulnerabilities for which no patches exist. Just recently, the U.K.

Cybersecurity

Adding Data to the VEP Debate: RAND's New Report

When WikiLeaks shed light on the CIA’s stockpile of software vulnerabilities last week, it revived—but hardly clarified—the debate on whether the government hoards too many bugs. In principle, the interagency Vulnerability Equities Process (VEP) ensures that a flaw is disclosed when the interest in patching it exceeds other governmental interests in exploiting it. Privacy advocates have long suspected that, in practice, the deck is stacked against disclosure.
