NSA director: We share most of the [crap] bugs we find!
Crypto, crypto everywhere, 'til all the boards databases did shrink
The National Security Agency (NSA) is only holding back a teeny, tiny number of code secrets, with director Admiral Mike Rogers promising the world the spook collective shares 'most' of the vulnerabilities it finds.
The agency head made the remarks on his second visit to Silicon Valley since his appointment in April this year.
Admiral Rogers told student delegates that US President Barack Obama had asked the agency to share more of its vulnerabilities with the public.
"The president has been very specific to us in saying 'the balance I want you to strike will be largely focused on when you find vulnerabilities, we're going to share them'," Admiral Rogers said Monday.
"By orders of magnitude, when we find new vulnerabilities, we share them."
He said there were "some instances" when it would not disclose bugs, Kaspersky's ThreatPost reported, depending on how "foundational and widespread" a vulnerability was, and who it affected.
"Is it something you tend to find in one nation state? How likely are others to find it? Is this the only way for us to generate those insights we need or is there another alternative we could use?" Rogers said. "Those answers shape the decision."
The statement did not reveal the agency as a warm-and-fuzzy disseminator of vulnerabilities, given that disclosing the most valuable bugs (according to Admiral Rogers' analysis) would hinder its offensive hacking spy wing.
Echoing his newly-minted British GCHQ counterpart Robert Hannigan, Admiral Rogers took aim at technology companies which had laden their products and services with encryption in a bid to gain favour with an increasingly privacy-aware public still smarting from the Snowden spy disclosures.
He said while a "fundamentally strong internet" was in US interests, the NSA would "deal with" the rise of increasingly encrypted products.
Hannigan used his first day on the job to give US technology giants a remarkable pasting for encrypting products, labelling the firms as terrorist funnels.
"However much they may dislike it, they have become the command and control networks of choice for terrorists and criminals, who find their services as transformational as the rest of us," Hannigan told the Financial Times.
He said Google and Apple were "in denial" that full-device encryption would not help terrorists.
Electronic Frontier Foundation legislative analyst Mark Jaycox told the NZ Herald that Admiral Rogers failed to address the NSA's "more egregious activities like disrupting national standards for encryption or the NSA's hacking of American companies' internal databases". ®