Risky Bulletin cover image

Risky Bulletin

Between Two Nerds: Is 39 vulnerabilities a lot?

Feb 17, 2025
The discussion opens with the U.S. Vulnerabilities Equities Program, balancing intelligence needs with public safety. They dive into the dilemma of disclosing vulnerabilities, weighing the risks of keeping them secret. Techniques for exploiting systems are examined, emphasizing operational security. The notorious EternalBlue vulnerability is scrutinized for its silent dangers and delayed fixes. Lastly, the speakers explore the shifting landscape of cybersecurity, highlighting the need for adaptable strategies and the importance of transparency in vulnerability disclosure.
30:04
Creator website

Podcast summary created with Snipd AI

Quick takeaways

  • The Vulnerabilities Equities Program balances national security and public safety by weighing the benefits of intelligence against disclosure risks.
  • The disclosure of 39 vulnerabilities in 2023 highlights a growing commitment to cybersecurity transparency amidst ongoing concerns about undisclosed threats.

Deep dives

Understanding the Vulnerabilities Equities Process

The Vulnerabilities Equities Process (VEP) is crucial for determining how the US government handles discovered security vulnerabilities. This process involves weighing the benefits of keeping a bug secret for intelligence purposes against the potential risks it poses to American interests. It is designed to encourage the disclosure of vulnerabilities found by agencies like the NSA, allowing for more comprehensive security for software and systems. The conversation highlights ongoing concerns about the number of vulnerabilities that are kept undisclosed, suggesting that a more transparent approach could lead to better cybersecurity outcomes.

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.
App store bannerPlay store banner

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode