After NSA leaks, a renewed interest in vulnerability disclosure

The code leaked by the Shadow Brokers group last week has set off calls from security researchers and tech groups for a national conversation about vulnerability disclosure policy.

The code contains about a dozen vulnerabilities affecting firewall manufacturers that many industry professionals believe to be exploits used by the National Security Agency (NSA).

While the Obama administration’s Vulnerability Equities Process (VEP) calls on intelligence agencies to disclose security vulnerabilities by default, tech companies and security pros are concerned by the prospect of an unknown number of zero-day vulnerabilities possessed by intelligence agencies.