Two US senators have proposed a law limiting American intelligence agencies’ secret stockpiles of vulnerabilities found in products. The Protecting our Ability To Counter Hacking (PATCH) Act [PDF] would set up a board chaired by an Department of Homeland Security (DHS) official to assess security flaws spies have found in code and hardware, and decide if manufacturers should be alerted to the bugs so they can be fixed for everyone. Right now, as you probably know, the NSA et al discover exploitable programming and design blunders in computers and networking gear, and keep a bunch of the bugs to themselves so they can be used to infect and spy on intelligence targets. This means they’re not patched, leaving the flaws for miscreants and rival snoops to find and attack.
View full story
ORIGINAL SOURCE: The Register