By SecureWorld News Team
Wed | Nov 15, 2017 | 1:02 PM PST

It does not sound very sexy. 

But the Vulnerabilities Equities Process drives how, when, and if the U.S. government tells the private sector and the public about cybersecurity vulnerabilities.

And now we know more about this process than we ever have, thanks to the White House Cyber Co-ordinator Rob Joyce, who shared details.

Here are some of the key intelligence, law enforcement, and operational questions the U.S. government reviews when it discovers a vulnerability that would allow it to secretly hack and attack systems and networks.

These are part of what leadership weighs when deciding whether or not to tell the rest of us.

Operational value considerations 

• Can this vulnerability be exploited to support intelligence collection, cyber operations, or law enforcement evidence collection?
• What is the demonstrated value of this vulnerability for intelligence collection, cyber operations, and/or law enforcement evidence collection?
• What is its potential (future) value?
• What is the operational effectiveness of this vulnerability? 

Operational impact considerations 

• Does exploitation of this vulnerability provide specialized operational value against cyber threat actors or their operations? Against high-priority National Intelligence Priorities Framework (NIPF) or military targets? For protection of warfighters or civilians?
• Do alternative means exist to realize the operational benefits of exploiting this vulnerability?
• Would disclosing this vulnerability reveal any intelligence sources or methods?

Says Joyce: "The Federal government has an important responsibility to closely guard sensitive information and protect vulnerabilities. Any unauthorized disclosures damage both our reputation and our ability to carry out intelligence missions."

"These consequences have only heightened our interest and awareness in ensuring we conduct the VEP in a manner that can withstand a high degree of scrutiny and oversight—a consideration that does not often encumber our adversaries. The United States is a world leader when it comes to this topic, and no other nation in the world has created and run a process as advanced and meticulous as ours."

The process also includes many other considerations, which you can review in the government's fact sheet. 

So it turns out that the Vulnerabilities Equities Process is a forgettable name, but all of us live with the consequences of what is in the document and how it is carried out.
