"Government Outlines When It Will Disclose Or Exploit Software Vulnerabilities... ...[T]he White House rolled out new guidelines on Wednesday for the process it will use to decide when to inform tech companies about vulnerabilities discovered in their software, and when agencies will decide to keep something classified. The Vulnerabilities Equities Process Charter lays out what to do once a vulnerability is both "newly discovered and not publicly known" (emphasis theirs)... Officials will consider factors like how widely a product is used, how likely hackers are to discover the flaw, how much damage it can do, and how easily it can be patched. They'll also weigh how valuable an exploit is for gathering intelligence or helping law enforcement, and its effect on the government's relationship with businesses..." https://www.npr.org/sections/alltec...-disclose-or-exploit-software-vulnerabilities The Vulnerabilities Equities Process Charter: https://www.whitehouse.gov/sites/whitehouse.gov/files/images/External%20-%20Unclassified%20VEP%20Charter%20FINAL.PDF