ASD reveals rules for keeping vulnerabilities secret

The Australian Signals Directorate (ASD) has quietly published its process for deciding when knowledge of cybersecurity vulnerabilities is kept secret. This is the first official acknowledgement that the ASD might not disclose all of the vulnerabilities it discovers. However, knowledge Read More …

UK’s NCSC Explains How They Handle Discovered Vulnerabilities

When the United Kingdom’s National Cyber Security Center (NCSC) performs operational tasks, they may find vulnerabilities in software, hardware, websites, or critical infrastructure. When they find these vulnerabilities, they go through a review process called the “Equities Process” that determines Read More …

Coming soon: Better collaboration, sharing with U.S. allies, IC CIO Sherman says

The U.S. intelligence community is working to improve collaboration and communication with its Five Eyes allies and beyond. Intelligence community CIO John Sherman plans “in just a couple weeks” to convene CIOs from Five Eyes allied nations — Australia, Canada, New Read More …

The Cybersecurity 202: The U.S. needs a law that requires companies to disclose data breaches quickly, cybersecurity experts say

A slight majority of digital security experts surveyed by The Cybersecurity 202 say the United States should follow in the European Union’s footsteps and pass a law that requires companies to disclose data breaches quickly. Europe’s General Data Protection Regulation requires Read More …