madrupe

Mr Harris, What are your thoughts on governments cataloging zero day vulnerabilities for later exploitation? Doesn't this create unnecessary risk in the cyber domain? How are cost/benefit decisions made with respect to maintaining vulnerabilities as opposed to giving them to companies to patch?

Thanks for the response; apologies for missing the earlier question. I'm familar with the report and its "recommendation 30". Do you have any sources that the NSA is the single largest procurer of ZDs?

It seems as though there is an inherent tension between promoting security and maintaining access to intel. Not easy to resolve.