The IT Law Wiki

Citation[]

White House, Vulnerabilities Equities Policy and Process for the United States Government (Nov. 15, 2017) (full-text).

Overview[]

This document describes the Vulnerabilities Equities Policy and Process for departments and agencies of the U.S. Government (USG) to balance equities and make determinations regarding disclosure or restriction when the USG obtains knowledge of newly discovered and not publicly known vulnerabilities in information systems and technologies. The primary focus of this policy is to prioritize the public's interest in cybersecurity and to protect core Internet infrastructure, information systems, critical infrastructure systems, and the U.S. economy through the disclosure of vulnerabilities discovered by the USG, absent a demonstrable, overriding interest in the use of the vulnerability for lawful intelligence, law enforcement, or national security purposes.