Nicholas Iovino reports:
The National Security Agency on Thursday defended hiding key details of its process for deciding whether to exploit or disclose software security flaws that make people vulnerable to hackers.
The Electronic Frontier Foundation sued the NSA in 2014 for withholding records on the government’s handling of “zero days,” newly discovered security flaws not yet fixed by software developers.
The lawsuit was filed after Bloomberg News reported that for two years the government knew about and exploited the Heartbleed bug, a security flaw affecting an estimated two-thirds of the world’s websites, without disclosing the threat.
Read more on Courthouse News.