
Heartbleed: Understanding When We Disclose Cyber Vulnerabilities - ghosh
https://www.whitehouse.gov/blog/2014/04/28/heartbleed-understanding-when-we-disclose-cyber-vulnerabilities
======
dylanfw
In case it's not clear by the title, this article is from 2014.

The author explains that the NSA has a "disciplined, rigorous and high-level
decision-making process" to determine if they should disclose a vulnerability
or quietly exploit it. I might just be ignorant of the facts but when has this
decision process ever resulted in "disclose it"? Is there any record of the
NSA publicly disclosing a vulnerability?

~~~
s_q_b
I imagine that such vulnerabilities would be passed to US-CERT, without
attribution.

~~~
dylanfw
> without attribution

Fair enough. I'm not sure why I assumed the NSA would announce exactly what
software they were poking around inside of in the first place.

