The NSA (National Security Agency), according to a former technical director, Richard George, regularly discloses thousands of software and hardware bugs per year to companies.
The agency itself has previously shared statistics that revealed how it collects information and shares it with the companies it affects.
Retired technical director reveals why
From the early 1990s, when George began working for the NSA, to his retirement in 2011, he claims that he was responsible for disclosing serious bugs to private companies.
“I imagine everybody had a similar process to the one that we had at NSA,” he said. Regulations required a review board, he explained: “Anybody who finds a vulnerability in a product has to report it to that board, so that we can figure out how we are going to address it,” he continued, “You can’t just say, ‘You have a problem here,’” he said. “You’ve got to convince them that there is a problem. (You) really have to have details about what the problem is.”
George also disclosed that in the 15 years he spent working as technical director at the NSA, from the bugs he reviewed, the only times a vulnerability was not reported was when the agency could not find the company involved.
Due to these disclosures, it makes it seem as though the NSA, intelligence agencies and the government may play a far more significant role in helping patch over digital rips than people knew, but what they do with the information they find before they release it is still unknown.
Written by Jordan Platt.