For years the government has refused to talk about or even acknowledge its secret use of zero-day software vulnerabilities to hack into the computers of adversaries and criminal suspects. This year, however, the Obama administration finally acknowledged in a roundabout way what everyone already knew—that the National Security Agency and law enforcement agencies sometimes keep information about software vulnerabilities secret so the government can exploit them for purposes of surveillance and sabotage.

Government sources told the New York Times last spring that any time the NSA discovers a major flaw in software it has to disclose the vulnerability to the vendor and others so that the security hole can be patched. But they also said that if the hole has “a clear national security or law enforcement” use, the government can choose to keep information about the vulnerability secret in order to exploit it. This begged the question about just how many vulnerabilities the government has withheld over the years to exploit.

In a new interview about the government’s zero-day policy, Michael Daniel, National Security Council cybersecurity coordinator and special adviser to the president on cybersecurity issues, insists to WIRED that the government doesn’t stockpile large numbers of zero days for use.

Read the Full Article: Source – Wired
http://www.wired.com/2014/11/michael-daniel-no-zero-day-stockpile/

source not found