Disclosing vulnerabilities in commercial and open source software is in the national interest and shouldn’t be withheld from the public unless there is a clear national security or law enforcement need, President Barack Obama’s National Security Council said Saturday.
The statement of White House policy came after a computer bug called “Heartbleed” caused major security concerns across the Internet and affected a widely used encryption technology, the variant of SSL/TLS known as OpenSSL, that was designed to protect online accounts. Major Internet services worked this week to insulate themselves against the bug.
The NSC, which Obama chairs, advises the president on national security and foreign policy matters. Its spokeswoman, Caitlin Hayden, said in a statement Saturday that the federal government was not aware of the Heartbleed vulnerability in OpenSSL until it was made public in a private sector cybersecurity report. The federal government relies on OpenSSL to protect the privacy of users of government websites and other online services, she said.
“This administration takes seriously its responsibility to help maintain an open, interoperable, secure and reliable Internet,” she said. “If the federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL.”
Read more at: Phys.org