Thank you, Mr. Chair.
I want to ask a question of the folks from HackerOne, since the example I will use is what's going on currently in the U.S.
The NSA does what they call a vulnerabilities equities process, or VEP. Probably about a year ago I was asked about this by a journalist, because our equivalent body here—not quite equivalent; it's not always exactly analogous—the CSE, doesn't have the same kind of transparent process.
I wonder if you could talk about whether that process—in your mind, given the work that you do—has been successful in achieving more transparency when the agencies themselves are discovering vulnerabilities in software that they could potentially use to glean all kinds of information on people?