Statement on Bloomberg News story that NSA knew about the “Heartbleed bug” flaw and regularly used it to gather critical intelligence
April 11, 2014
NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private sector cybersecurity report. Reports that say otherwise are wrong.
Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong. The Federal government was not aware of the recently identified vulnerability in OpenSSL until it was made public in a private sector cybersecurity report. The Federal government relies on OpenSSL to protect the privacy of users of government websites and other online services. This Administration takes seriously its responsibility to help maintain an open, interoperable, secure and reliable Internet. If the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL.
When Federal agencies discover a new vulnerability in commercial and open source software – a so-called “Zero day” vulnerability because the developers of the vulnerable software have had zero days to fix it – it is in the national interest to responsibly disclose the vulnerability rather than to hold it for an investigative or intelligence purpose.
In response to the recommendations of the President’s Review Group on Intelligence and Communications Technologies, the White House has reviewed its policies in this area and reinvigorated an interagency process for deciding when to share vulnerabilities. This process is called the Vulnerabilities Equities Process. Unless there is a clear national security or law enforcement need, this process is biased toward responsibly disclosing such vulnerabilities.
ODNI Public Affairs Office
40 Notes/ Hide
think-tankgovernment reblogged this from icontherecord and added:Please help me !!!
- think-tankgovernment liked this
molto-rubato reblogged this from icontherecord- molto-rubato liked this
semanticearth-community reblogged this from icontherecord- semanticearth-community liked this
mediumhigh liked this
tinkingglass reblogged this from icontherecord and added:Heartbleed
pith liked this
lorenzoburnedeverything reblogged this from icontherecord and added:Yeah because the NSA has Totally been trustworthy up to this point. If it’s not the first piece of information that has...
from-abydos-with-love liked this
dotpath reblogged this from icontherecord
8bitstream liked this
danzafantasma liked this
deadpeasants liked this
janeullah reblogged this from icontherecord
damonwells liked this
cgranade reblogged this from icontherecord and added:Not responsibly disclosing a vulnerability like that is purposefully allowing global information security infrastructure...
more-falafel-please liked this
sexualhealingbymarvingaye liked this
null-reference liked this
spookyfitz liked this
ghostbongweedofthesamurai reblogged this from icontherecord and added:1. lmao that the ODNI has a propaganda tumblr 2. lmao if anyone trusts anything the ODNI propaganda tumblr has to say
h4ck3d-by-weev-2014-jewsdid-blog reblogged this from icontherecord and added:HAIL ERIS!!!!
- jamesclapperwanks2yourselfies reblogged this from icontherecord
riotgrrrlproblems liked this
cybertheorist reblogged this from icontherecord
thgiledelirium reblogged this from icontherecord
thebeeobee reblogged this from icontherecord and added:Government responds to article claiming it was exploiting bug on tumblr.
icontherecord posted this
This website is maintained by the