Microsoft Says China Is Abusing Vulnerability Disclosure Requirements To Hoard Exploits

from the all-the-cool-surveillance-kids-are-doing-it dept

Plenty of countries have vulnerability disclosure requirements in place. These are supposed to increase the security of all users by requiring that affected platforms or software makers be notified of exploits that may be used by malicious entities.

Define “malicious entity” tho.

The NSA has never abided by these requirements, despite being the free world leader in surveillance. It would rather delay notification than give up vulnerabilities that give it an upper hand on its surveillance targets. And if the NSA is doing it, then everyone is doing it. Say what you will about the NSA (lord knows I have), but it likely has more oversight than any other government surveillance entity in the world.

And if the NSA feels comfortable blowing off mandates to maintain its surveillance capabilities, it’s unlikely a government that deploys one of the most pervasive and invasive domestic surveillance programs in the world is going to care what Microsoft has to say about its actions.

The Chinese government has issued mandates requiring increased vulnerability reporting from hardware and software providers that do business in China. This would obviously include Microsoft. But this isn’t being done to make citizens safer. It’s being done to allow the Chinese government to make use of vulnerabilities reported to the government on its one-way disclosure street.

Somehow, the entity heading up US Homeland Security efforts sees nothing wrong with how the Chinese government handled vulnerability disclosures, as reported b ..
