Cyber Statecraft Initiative Director Jason Healey is quoted by Bloomberg on new White House guidelines to limit the use of software flaws:
Implementing the new guidelines — described by the White House as reinvigorating an existing process for determining when zero days should be disclosed — will require institutional barriers to be swept away, said Jason Healey, director of the cyber statecraft initiative at the Atlantic Council in Washington.
[…]
Additionally, it’s unclear whether the agency will apply the new guidance only to newly discovered vulnerabilities or whether it will also include the existing stockpile, which represents millions of dollars of research and development, the Atlantic Council’s Healey said. “I could see them grandfathering all of that in,” he said.
If those vulnerabilities are disclosed, it will be discreetly, through direct contacts with software and hardware vendors, Healey said.