A Freedom of Information Act (FOIA) lawsuit was filed against the NSA and the Office of the Director of National Intelligence for failing to provide documents about how intelligence agencies decide whether or not to disclose zero-day security flaws. The Electronic Frontier Foundation (EFF) filed this lawsuit following a report alleging that the NSA knew about the Heartbleed vulnerability two years before the public knew about it. The FOIA is asking for « all records, including electronic records, concerning or reflecting: the development or implementation of the ‘Vulnerabilities Equity Process’ and… the ‘principles’ that guide the agency ‘decision-making process for vulnerability disclosure’ in the process described in the White House blog post. »
Source: Dark Reading