NSA says it usually reports software vulnerabilities to manufacturers
The NSA says it passes on vulnerabilities it discovers in software 90 percent of the time to its creators. With this, the government organization wants to defend itself against the accusation that it hides software vulnerabilities for espionage.
This concerns ‘serious vulnerabilities’ in software, according to Reuters news agency, based on statements by the NSA and American officials. So although in most cases such errors are passed on to software makers, that does not mean that they are not first used for espionage. It is possible that the NSA first uses the found bugs itself before reporting the find to the manufacturers.
By stating that it reports software vulnerabilities to manufacturers, the NSA wants to defend itself against accusations that it uses bugs to gather information. Such practices ensure that software remains vulnerable to hacking attacks, according to the critics. Incidentally, the security service admits that it does not report all vulnerabilities found.
Last year, US President Obama announced that the NSA can no longer keep all security vulnerabilities secret. In most cases, bugs must be disclosed, but there is an exception for “domestic security and law enforcement.” The NSA thus seems to comply with this requirement of Obama.