back to article NSA director: We share most of the [crap] bugs we find!

The National Security Agency (NSA) is only holding back a teeny, tiny number of code secrets, with director Admiral Mike Rogers promising the world the spook collective shares 'most' of the vulnerabilities it finds. The agency head made the remarks on his second visit to Silicon Valley since his appointment in April this year …

  1. Paul Crawford Silver badge

    Time scale?

    Did he say how long they sit on a bug before disclosing it?

    Given the weasel-worded manner of bureaucrats everywhere, they could disclose them a year or two later and still be technically correct in saying they share discovered vulnerabilities.

    1. Anonymous Coward
      Anonymous Coward

      Re: Time scale?

      Most likely pretty, quickly...they just hold onto "some" of the more useful ones.

    2. Eddy Ito

      Re: Time scale?

      To be fair, he said "we're going to share them" but I notice that he didn't say with whom they were going to share the vulnerabilities. It it talks like a weasel and so forth.

  2. Anonymous Coward

    The NSA.....


    Sorry I fell asleep at the first weasel words...did I miss much?

    1. Oninoshiko

      Re: The NSA.....

      yes, you missed a lot of weasel words.

    2. SolidSquid

      Re: The NSA.....

      Missed the article I suspect

  3. Anonymous Coward
    Anonymous Coward

    Waste of breath. You probably wouldn't trust a word from an NSA employee if they were telling you whether they take milk in coffee.

  4. Graham Marsden
    Big Brother

    "By orders of magnitude, when we find new vulnerabilities, we share them."

    And *of course* we believe them.

    After all, they're only doing it in our best interests, aren't they...?

  5. Roger Lancefield

    Give us teh powers!

    'He said Google and Apple were "in denial" that full-device encryption would not help terrorists'

    As they say: "A policeman's job is only easy in a police state."

    1. Robert Helpmann?? Silver badge

      Re: Give us teh powers!

      This sort of logic is painful. By definition, everything that X uses to accomplish X's goals helps X. No weasel words, just circular logic. He might have argued his case that extraordinary threats require extraordinary measures, but that they should only be applied to those same threats and no further a lot more successfully. That they maintain a bug collection to use in support of their mission makes sense and should come as no surprise to anyone. That they are discussing this publicly is better than what was done before, even if the change was thrust upon them from outside. Perhaps the following disclaimer should be appended to all such statements.

      Warning: Consumption of the previous statement requires a high level of sodium consumption if unaccompanied by a dose of Kool-Aid. Please use caution.

  6. This post has been deleted by its author

  7. channel extended

    Our daily bread.

    He should have complained that the bread maker's and seller's were helping the terrorist. After all if they didn't make bread that the terrorist eat then the terrorist would starve. Everyone should be required to carry their bread out in the open so the police could see who is carrying the dangerous breads and seize them without recompense. Then the police would need to eat the bread just to see if it was poisonous. And terrorist are whoever he says they are.

    So to quote NJ Gov Chris Cristie " SO SIT DOWN AND SHUT UP!"

  8. Adam Inistrator

    in denial

    and he is in denial that the government is out of control and there are daily abuses of power that affect thousands and chill millions

  9. Gary Bickford

    It's probably true - at least for the Information Assurance Directorate

    NSA has three or four Directorates. Signals Intelligence Directorate is the spooks that everyone talks about. IT is the folks who run the computers. Information Assurance Directorate is chartered to protect American industrial and government resources - they are the anti-spooks. There may be others I don't know about - I don't follow them, I've just picked up things here and there from folks who know. IAD is probably the part of NSA that is funding the TOR project, and they have found and disclosed both bugs in crypt code in order to get it fixed, and attempted or actual penetrations to US institutions - they have saved several companies from bad things, and probably have done the same for government agencies. I think they're the ones who do the high security Linux distribution as well.

    So, NSA is not one big monolithic spook-dom. It's multiple groups doing different things, and almost certainly in some cases at cross-purposes. IAD is trying to make things like TOR stronger, while the spooks are trying to break into it.

  10. Spaceman Spiff


    Except those interesting ones that they can exploit to hack our systems! Yes, they will report crap bugs and malware. What do they want with them anyway?

  11. Palf


    when you lie to me

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020