Until recently, the NSA has been able to do what it wants without having to explain anything to us, the little people. At the end of October, the agency published an infographic to tell us all exactly what it does (most of the time).
The infographic promotes the fact that when the NSA finds security vulnerabilities or zero-days in software, it makes them public 91 percent of the time. When the NSA does take a case public, however, it has already exploited it for its own purposes. There is no information about how quickly disclosures happen.
Betanews says that the NSA is now “seeking to reassure people by pointing to the number of flaws it does disclose,” but most people are instead fixated on the 9 percent of software issues that the agency doesn’t report. And if the NSA knew the Internet better, it would not be surprised by that at all.
When the NSA discloses a software vulnerability, developers can then make patches and fix the issue. But when those vulnerabilities are left unattended, they become gaping holes of insecurity. The NSA website says that “the remaining 9 percent were either fixed by vendors before we notified them or not disclosed for national security reasons.” That could be fine if it’s true, but in this situation we’ll never know for sure.