Subscribe

Passcode How Washington evaluates software vulnerabilities

The US government keeps some security flaws for itself. We take a look inside the secretive process to decide which ones to keep - and which ones to reveal to tech companies.

Illustration by Alicia Tatone

In August, the National Security Agency (NSA) found itself scrambling to figure out how a group dubbed the Shadow Brokers obtained the agency’s alleged hacking tools, some of which they posted online and others they offered to the highest bidder. The startling breach not only revealed that the NSA seemed to rely on previously unknown security vulnerabilities – called zero-days – in Cisco and Fortinet commercial software to carry out digital espionage campaigns, it also exposed NSA tactics to foreign adversaries.

Save for later

Save
Cancel

Saved ( of items)

This item has been saved to read later from any device.
Access saved items through your user name at the top of the page.

View Saved Items

OK

Failed to save

You reached the limit of 20 saved items.
Please visit following link to manage you saved items.

View Saved Items

OK

Failed to save

You have already saved this item.

View Saved Items

OK