The Vulnerability Equities Process (VEP) is the USA government’s inter-agency process of determining whether or not to disclose software vulnerabilities to software vendors.

According to the White House Cybersecurity Coordinator, the key points through which the final result is determined are: transparency in order for the American people to have confidence in the process, representing the interests of all stakeholders (such as commercial interests, law enforcement, and international partners), and accountability for the decision making.

Additional Information

  • The White House released an updated VEP in November 2017.

See Also

NOBUS is an NSA term for the general approach of deciding whether or not to disclose, rather than an actual process.


Last updated: 1 March 2018