Australia’s Intelligence Agency Publishes its Vulnerability Disclosure Process

The Australian Signals Directorate (ASD), Australia’s closest counterpart to the U.S.’s National Security Agency (NSA), has published its process for disclosing cyber vulnerabilities. ASD’s process starts with the assertion that its default position is to disclose all vulnerabilities it discovers, so that vendors can develop and issue patches. Similar to the NSA, the ASD indicates it will not disclose vulnerabilities it believes can be put in the service of national security. “Occasionally, however, a security weakness will present a novel opportunity to obtain foreign intelligence that will help protect Australians. In these circumstances, the national interest might be better served by not disclosing the vulnerability,” states the ASD document outlining the process. Read the article at Security Week.