Vulnerabilities Equity Process

Overview
The Vulnerabilities Equities Process (VEP) is a process used by the U.S. federal government to determine on a case-by-case basis how it should treat zero-day computer security vulnerabilities; whether to disclosea them to the public to help improve general computer security, or to keep them secret for offensive use against the government's adversaries.

The VEP was first developed during the period 2008-2009, but only became public in 2016, when the government released a redacted version of the VEP in response to a FOIA request by the Electronic Frontier Foundation.

Following public pressure for greater transparency in the wake of the Shadow Brokers affair, the U.S. government made a more public disclosure of the VEP process in November 2017.