But among other things there's this bit from Rick Ledgett, a deputy director who heads the NSA’s Media Leaks Task Force: "We are heavily biased toward defense," Ledgett adds, citing one case in which the NSA discovered a serious vulnerability in one company's software that could have impacted users all over the world. "We talked about it for a few days internally and decided it was so critical to the entirety of the US government and most of America that we disclosed [the vulnerability to that company]. We could have made hay on that forever on a huge range of targets."
Wow. The NSA responsibly disclosed *a* serious vulnerability. Well… kudos to the NSA!
That one anecdotal story of disclosure almost (but not even quite) makes up for the numerous zero-day exploits, drivers signed with stolen (JMicron and Realtek) certificates, MD5 hash collisions, and the CPLINK vulnerability unleashed upon the world via Stuxnet, Duqu, and Flame.
We are heavily biased toward defense?
Please. That just doesn't pass the straight face test.