How often does someone find your secret bugs? The Vulnerability Equities Process (VEP) helps determine if a software vulnerability known to the U.S. government will be disclosed or kept secret. A key part of that calculation is the likelihood that some other party may have found the same vulnerability. Yet, for years there has been little to no good analysis to say how often two parties independently discover the same vulnerability.
Suddenly in 2017, two studies which addressed this question were released within days of each other with different findings. Join us for a discussion with the lead authors and several luminaries in the security space as we pick apart the key findings from these reports and their implications for the policy community.