NSA Claims It Discloses 91 Percent of Security Vulnerabilities Found, Keeps Rest In Back Pocket
What about the other 9 percent of the time? The zero-day
"The National Security Council has an interagency process to consider when to disclose vulnerabilities," the NSA said. "The process requires the government to weigh many factors, including the importance of the information to the nation's security. While these decisions can be complex, the government's bias is to responsibly and discreetly disclose vulnerabilities."
Before you snuggle up with the warm fuzzies the NSA is handing out, there are some factors to consider. One of them is the speed in which the 91 percent of vulnerabilities are disclosed. The NSA didn't mention how long it sits on known vulnerabilities before alerting vendors, though it did state that the ones it holds onto are kept hidden "for a limited time." It also said there are pros and cons to disclosing security holes.
"Disclosing a vulnerability can mean that we forgo an opportunity to collect crucial foreign intelligence that could thwart a terrorist attack, stop the theft of our nation's intellectual property, or discover even more dangerous vulnerabilities that are being used to exploit our networks," the NSA added.