How often does someone find your secret bugs? The Vulnerability Equities Process (VEP) helps determine if a software vulnerability known to the U.S. government will be disclosed or kept secret. A key part of that calculation is the likelihood that some other party may have found the same vulnerability.
By Jason Healey, Katie Moussouris, Kim Zetter, Lillian Ablon & Trey Herr
Full Abstract & Presentation Materials: https://www.blackhat.com/us-17/briefings.html#bug-collisions-meet-government-vulnerability-disclosure