But it seems like it's just words and business as usual.
I'm curious what their response would be in the perfect storm scenario. A foreign country or criminal enterprise causes severe damage to much of the US. Both the intelligence agencies, government secrets, and the technology industry are severely impacted, crippled even. And the enabler? A series of vulnerabilities they didn't disclose.
How much damage has to be done before people wake up and realize that what NSA doing is effectively pointing armed nuclear warheads at high-value targets in the US and giving our enemies the controls? The fact that NSA refuses to disclose serious vulnerabilities is an indication to enemy governments and criminals that spending money finding these vulnerabilities is going to be an extremely effective tactic.
I mean this seriously: this is actively telling our enemies how to attack us. How is this not treason?
> Treason against the United States, shall consist only in levying War against them, or in adhering to their Enemies, giving them Aid and Comfort.
"If we have a policy of not disclosing the vulnerabilities we know, what we're really doing is promising foreign countries that the exploits they discover against us will work forever."