Re: I've been saying this since the Snowden revelations came out...
Exactly. The Windows zero day (for example) will get reported to Microsoft when both
* A better/faster/less detectable exploit is discovered/purchased; AND
* They catch an adversary doing it.
If the first point hasn't happened, the second point won't be a consideration.