When Canada's electronic spy agency finds a security flaw in a widely used operating system or a much-loved messaging app, what it does next is anyone's guess. The Communications Security Establishment (CSE) has a policy governing this process but won't disclose or discuss it. NDP MP Matthew Dubé would like to see Canada follow the U.S.'s lead and make the CSE's policy public. The most recent policy was released by the government last November, and requires an annual, partly unclassified report on outcomes of the review process. - Ryan Foreman, spokesperson"As previously noted, CSE has a rigorous process in place to assess and review vulnerabilities," CSE spokesperson Ryan Foreman wrote in an emailed statement to CBC News.

Source: CBC News February 01, 2018 09:00 UTC