In response to a Freedom of Information Act request, the FBI has released a set of internal slides that shed new light on the federal government’s process for evaluating how to handle so-called “zero-day” vulnerabilities in software and internet platforms. This new document helps inform the raging national debate about how to secure the nation’s infrastructure against malicious hacking and foreign espionage.
Zero-day exploits are computer code that takes advantage of security flaws in software that are unknown to the software’s programmers and users. While security vulnerabilities can be exploited by criminals and perpetrators of cyber-attacks, they can also be exploited by governments for military, intelligence, and law-enforcement purposes. Zero-day exploits can, for example, be used to gain unauthorized access to a computer system in order to deliver spyware or download sensitive user data. The most effective way to protect systems from security exploits is for software developers to release a patch fixing the underlying flaw, but this is only possible if they are notified of the security hole. Without a patch, users remain vulnerable and potential targets can do very little to protect themselves. This is what makes zero-day exploits so alarming.
Back in April 2014, we filed a FOIA request to obtain documents related to the policies followed by government agencies when they discover or acquire zero-day vulnerabilities and software exploits. In particular, we sought to learn how the government balances its own intelligence needs with the importance of making sure that the software used by Americans is as secure as possible. After more than a year, the FBI finally responded to our request by releasing a heavily redacted document that outlines key details of the government’s internal process for dealing with zero-days. While scant on details, the document is significantly more illuminating than the responses we and other groups have received from elsewhere in the government.
As we know from reports regarding zero-day exploits, the government reserves the right to keep a vulnerability secret—leaving all users of the affected software open to attack—and use it offensively instead. The new document sheds light on the process through which the government makes that decision. According to the document, after a federal agency learns of a zero-day vulnerability, representatives of “all concerned” US government agencies are informed and then “participate in discussions” to decide how to balance the US government missions of “cybersecurity, information assurance, intelligence, counterintelligence, law enforcement, military operations and critical infrastructure protection.” The FBI recognizes that “in most circumstances” there will be a conflict between serving the interests of “intelligence collection, investigative matters and information assurance.” But it fails to explain who will decide which interests to privilege and what safeguards are in place to prevent the country’s many intelligence and law enforcement agencies from overriding other voices.
We remain concerned that the offensive intelligence needs of agencies will be prioritized above cybersecurity. Fixing flaws, rather than stockpiling them, is the best way to make the Internet more secure. At a time when our leaders in Washington seem to be more focused on the threat of cyber-attacks than ever before, it is vital that the intelligence community not undermine efforts to improve the security of the computer systems upon which so much of our economy depends. Vulnerabilities should be reported and fixed as soon as they are discovered, and the government has the capacity and obligation to assist software developers in doing this. The government’s practice of hoarding and using zero-day exploits raises serious concerns.
We hope that the process described in the FBI’s document will lead to the right outcomes, but we fear it will often not. Key questions remain unanswered, and the government should provide additional explanation so the public can participate meaningfully in this important debate.