How often does someone find your secret bugs? The Vulnerability Equities Process (VEP) helps determine if a software vulnerability known to the U.S. government will be disclosed or kept secret. A key part of that calculation is the likelihood that some other party may have found the same vulnerability.

By Jason Healey, Katie Moussouris, Kim Zetter, Lillian Ablon & Trey Herr

Full Abstract & Presentation Materials: https://www.blackhat.com/us-17/briefi...