UK cybersecurity agency was recently responsible for fighting with the cyber threat. Thursday dated 29th of Nov, it announced a new process for publically disclosing the software flaws which are sensitive. The main idea is to bring a new level of transparency to its work.
They named it ‘Equities Process’ in a blog post. It contains details about how they will make decisions on whether to make the flaws found in sensitive software public or not.
The National UK cyber Security Centre designed a new procedure, called the “Equities Process” in the blog post that renders how it makes decisions on whether to make public the discovery of new flaws.
National Cyber Security Centre sometimes stay quiet on the discovery of new security flaws because they can be used to gather intelligence.
“There’s got to be a good reason not to disclose,” said Ian Levy, technical director at the NCSC.
They focus on disclosing the new vulnerabilities to the public after the fixes. They will rarely keep them confidential. Such as if they are facing a superseding intelligence purpose.