Lindsey Polley on the Vulnerabilities Equities Process
Media Type |
audio
Categories Via RSS |
Government
History
News
Politics
Publication Date |
Jun 06, 2022
Episode Duration |
00:40:21

The business of offensive cyber operations and intelligence gathering increasingly requires the military and intelligence community to exploit networks, hardware, and software owned or produced by American companies and used by American citizens. Sometimes this exploitation occurs with the use of zero-day vulnerabilities. In order to determine when zero-day vulnerabilities should be exploited versus disclosed to the relevant vendor so that the vulnerability can be patched, the United States government engages in an interagency process known as the Vulnerabilities Equities Process or VEP.

Stephanie Pell sat down with Dr. Lindsey Polley, director of defense and national security at Starburst Aerospace, to talk about her recently defended 1.pdf">dissertation, “To Disclose or Not to Disclose, That Is the Question: A Methods-Based Approach for Examining & Improving the US Government's Vulnerabilities Equities Process.” They discussed the purpose of the VEP, how it is structured to operate, and how its current state and structure impedes its ability to promote longer-term social good through its vulnerability adjudications. They also talked about some of Lindsey's recommendations to improve the VEP. 

Support this show http://supporter.acast.com/lawfare.


Hosted on Acast. See acast.com/privacy for more information.

This episode currently has no reviews.

Submit Review
This episode could use a review!

This episode could use a review! Have anything to say about it? Share your thoughts using the button below.

Submit Review