Skip to content
Search

Latest Stories

NatSecEdge
cipherbrief

Welcome! Log in to stay connected and make the most of your experience.

Input clean

Who Decides When to Tell a Company Its IT is Vulnerable

With the seemingly constant barrage of leaks revealing the U.S. intelligence community’s hacking capabilities, many are wondering where government draws the line between priorities of intelligence collection versus assisting companies to secure their products in order to keep the digital lives of U.S. citizens and companies secure. The Cipher Brief spoke with Ari Schwartz, the managing director of Cybersecurity Services at Venable LLP and former Senior Director for Cybersecurity at the National Security Council during the Obama administration, about the current state of U.S. vulnerability disclosure policy.

The Cipher Brief: What are zero-day vulnerabilities – zero days, for short – and how often are they used by criminals and nation-states as opposed to already known vulnerabilities? How often are zero days found and used by more than one actor?

Keep reading...Show less
Access all of The Cipher Brief’s national security-focused expert insight by becoming a Cipher Brief Subscriber+ Member.
Save Your Seat

Related Articles

Two Existential Threats: CIA’s Reputation vs. Democracy’s Survival

OPINION -- In his recent Cipher Brief essay, CIA's Latest Existential Challenge, former CIA senior officer Mark Kelton argues that the Central [...] More

America's Food Supply Has a Cyber Problem

OPINION — Fine-tuned sensors let farmers know which fields need more water and which crops need more fertilizer. But today, a hacker halfway around [...] More

FISA Amendments Must Acknowledge Critical Role of OSINT

OPINION — As we approach the April 2024 expiration of Section 702 of the Foreign Intelligence Surveillance Act (FISA), it is heartening to see a [...] More

Hackers are Taking Advantage of Gaps in U.S. Cybersecurity Policy

OPINION — When you press the power button on your computer, it turns on because a specialized code called firmware turns this stimulus into a signal [...] More

A New Year Means Further Transformative Shifts in Cyber

EXPERT PERSPECTIVE — 2023 saw the start of a transformative shift in cybersecurity, bringing both new opportunities and new challenges to the [...] More

We Have a New National Cybersecurity Strategy. Now What?

OPINION — The new National Cybersecurity Strategy is clear and concise, laying out the case for a more robust and engaged approach to defending our [...] More