The White House on Wednesday lifted the veil on the secretive executive branch process used to determine which computer security flaws it can use in surveillance and which it will report to tech firms to allow them to patch.

The Trump administration published a first-ever charter for that system, known as the vulnerability equity process (VEP), on Wednesday morning.

Congress, the private sector and public advocacy groups have recently pushed for a more transparent version of the VEP — with more consideration of the potential danger of keeping vulnerabilities secret. By keeping these security bugs quiet, they note, criminal or foreign espionage hackers can potentially discover and use them.

ADVERTISEMENT

‌At a speaking engagement that served as the de facto launch event for the charter, White House cybersecurity czar Rob Joyce said the secrecy surrounding the VEP left that debate at least partially uninformed.

"There was a proposal to add [the Department of] Commerce to the process. Commerce was already there," he said during an onstage interview at The Aspen Institute.

The Obama administration created the VEP, but only publicly discussed its broad outlines. While the public knew the VEP required intel and law enforcement agencies to argue in front of an executive branch panel, the public did not know who was in the room for the deliberations.

The charter for the first time outlines the agencies represented in the conversation. They include the Homeland Security Department (DHS), Secret Service, Office of the Director of National Intelligence, Treasury Department, State Department, Justice Department, FBI, Energy Department, Office of Management and Budget (OMB), Defense Department, National Security Agency (NSA), Commerce Department and CIA.

That list contains far more voices speaking on behalf of disclosing vulnerabilities to manufacturers than previously thought.

DHS's focus is on protecting public systems. Treasury represents the banking system's interest in maintaining systems safe from hackers. Energy represents the same role for the power grid and OMB for government systems. And Secret Service looks to maintain secure communications channels for the president.

The Secret Service can be a "loud voice," said Joyce.

He emphasized that the government takes the importance of protecting the public seriously in its deliberations.

"So much of the fabric of our society relies on the bedrock that is [information technology]," he said, later adding "If there is a flaw in those systems, there's an imperative to make sure that flaw is not exploited."

"Both sides have to come away from that table a little unhappy," he said.

One new addition to the VEP will be an annual public report on how many vulnerabilities were discovered and were kept secret. Joyce said the rate of notifying tech firms has historically been above 90 percent.

The VEP entered the public debate in recent months after two malware outbreaks within a matter of weeks used allegedly-leaked NSA hacking tools. Those malware outbreaks, known as WannaCry and NotPetya, caused international disruptions to major business and government systems.

Sens. Brian Schatz Brian Emanuel SchatzVideo of Lindsey Graham arguing against nominating a Supreme Court justice in an election year goes viral Democrat on Graham video urging people to 'use my words against me': 'Done' Polls show trust in scientific, political institutions eroding MORE (D-Hawaii), Ron Johnson Ronald (Ron) Harold JohnsonThe Hill's Morning Report - Sponsored by The Air Line Pilots Association - White House moves closer to Pelosi on virus relief bill Second GOP senator to quarantine after exposure to coronavirus GOP-led panel to hear from former official who said Burisma was not a factor in US policy MORE (R-Wis.) and Cory Gardner Cory Scott GardnerJeff Flake: Republicans 'should hold the same position' on SCOTUS vacancy as 2016 Momentum growing among Republicans for Supreme Court vote before Election Day Gardner on court vacancy: Country needs to mourn Ginsburg 'before the politics begin' MORE (R-Colo.), as well as Reps. Ted Lieu (D-Calif.) and Blake Farenthold Randolph (Blake) Blake FarentholdThe biggest political upsets of the decade Members spar over sexual harassment training deadline Female Dems see double standard in Klobuchar accusations MORE (R-Texas), quickly introduced a bill codifying and tweaking the process known as the Protecting Our Ability to Counter Hacking Act. That legislation, still under consideration, would appoint DHS as the head of the table for VEP deliberations.

Microsoft responded to those malware attacks by asking governments to notify manufacturers of all vulnerabilities.

— Updated at 1:29 p.m.