"If the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL."

I see numerous disclosures from technology companies, security researchers in industry and academia... but for the life of me, I can't recount an instance in which a disclosure came from intelligence-community researchers. Is there any historical evidence of disclosures from the NSA to the open-source community?



> Is there any historical evidence of disclosures from the NSA to the open-source community?

I would suspect that NSA would want to conceal the fact that the disclosure came from them.


Depends on whether things like this are a security disclosure or not (seems not to me, but I'm not a vuln developer): http://lists.x.org/archives/xorg-devel/2010-August/012207.ht...

I don't know of better examples though.


I'm also not a vuln developer, but this looks like someone else reported it, and an NSA-affiliated researcher created the patch to fix it.



