The NSA discloses 91 percent of the zero-day bugs it finds in online systems to their manufacturers, while it keeps the remaining 9 percent to itself.
This information was disclosed to defend the agency’s bug disclosure policies, according to reports from Reuters.
The NSA has been heavily criticized since Snowden's leaks, and many questions have been posed to the United States government about the agency's activities. One of them concerns the NSA's bug disclosure policy.
President Barack Obama's cybersecurity coordinator, Michael Daniel, has said that the NSA has changed its policies in relation to the security bug disclosure program. Right after Daniel's statement, the Electronic Frontier Foundation sued the US government, received the document explaining the new procedures, and found it heavily edited.
According to a spokesperson from the NSA, they held back 91 percent of the bugs they found for offensive purposes.
But 91 percent is just a figure; it doesn't say anything about how it is calculated, for instance if the NSA found a bug and didn't report it and/or held it back for offensive purposes.
According to a statement from NSA:
“The National Security Council has an interagency process to consider when to disclose vulnerabilities, said the NSA in a public statement. The process requires the government to weigh many factors, including the importance of the information to the nation’s security. While these decisions can be complex, the government’s bias is to responsibly and discreetly disclose vulnerabilities.”