UK vuln 'fessing pilot's great but who's going to give a FoI?

A security researcher has welcomed the UK's launch of a vulnerability co-ordination pilot while cautioning that a strategy for handling Freedom of Information requests needs to be developed. The National Cyber Security Centre (NCSC) scheme will focus on handling vulnerabilities that crop up in government-run systems. The …

  1. Version 1.0 Silver badge

    See Cure itty bitty

    It's a lovely idea, that we can somehow post people's personal information on the Internet and it will be absolutely safe - but realistically, all the evidence to date suggests that it is simply not possible. We can maintain the illusion for a while, but inevitably it fails. I think that we have two options (three actually):

    1. Stop posting private information on the Internet.

    2. Accept that nothing is private and live our lives in the open.

    or just continue doing what we're doing in the belief that someday it might just work (it won't).

  2. LondonGull

    Commit to publish flaws

    FOI provides an exemption for information intended to be published, so providing HMG makes an upfront commitment to publish details of resolved vulnerabilities (rather than stuffing them in the zero day sack)...

  3. John Smith 19 Gold badge
    Unhappy

    Let's see how this works in practice.

    The UK government and disclosure.

    Not the happiest of bedfellows.

    1. tiggity Silver badge

      Re: Let's see how this works in practice.

      Indeed.

      " I wonder how long it will be before they get their first FOI [freedom of information] request and it will be interesting to see how they handle them."

      The usual canned govt. response is that it cannot be done as disproportionately expensive, the screw you response of choice for most gov depts IMHO.

  4. Anonymous Coward

    Good idea, but almost as scary as backdoored Crypto.*

    I guess the cost of running this will be lower than buying 0days elsewhere..

    Hope the pilot scheme has appropriate** security in place.

    Is this a cost saving measure by GCHQ & Friends? ;-)

    "Bad Actors"*** of all shades will be after this treasure trove.

    - AC because...

    * Clearly Team USA has had some issues keeping secrets at a Government Level - Why would this work?

    **As in actual, robust compliance that's frequently audited.

    ***Insert appropriate TLA or "State Level" entity here

    1. Helder

      Re: Good idea, but almost as scary as backdoored Crypto.*

      All crypto, if the message is long enough, has a built-in backdoor. Two exceptions - one-time pad and the NINO-cipher. Computer security as you know it is about to be flushed down the toilet, forever. It's secrecy for children, that's why script-kiddies can hack it.

      Hyper-encryption is here and it'll scare the shit out of you.

  5. Scott 53
    Headmaster

    "flaws that ought to be swiftly and discretely resolved"

    Surely if someone wants to resolve several flaws all at once they should be allowed to do so.
