The Vulnerability Equities Process (VEP) is a controversial process that resides in the NSA that determines whether the government should withhold or disclose information about computer security vulnerabilities. VEP criticism hit a high watermark in 2014 when the federal government was accused of having advanced knowledge of the Heartbeed bug and not warning the public. The VEP may be imperfect, but it s the best the U.S. has in terms of a government vulnerability disclosure policy, said panelist Heather West.
Source: https://threatpost.com/policy-experts-push-to-make-vulnerability-equities-process-law/123883/