Re: You're only as good as 'your weakest links'...
I did start my initial post with a disclaimer saying I don't necessarily support what the security services do, you know...
But my point is - if you want the spooks of your country to have "cyber" capabilities, you need to allow the people doing that to have the tools needed. And those tools do include exploits for 0day vulnerabilities.
And the probability of hurting your own capabilities by disclosing something is exactly 100%, while the probability of hurting even one of your opponents is much less. Unilaterally disarming would be interesting, to say the least, but I'm not sure the people calling for it would be very happy with the result.
Plus the fact that fixing individual bugs often do very little to improve security for anyone, which is always worth hammering into people's heads. If your security is only as good as the "weakest link" (whether that's buggy software or stupid users), you should fire whoever is in charge of it and hire someone who can actually do the job instead.
Biting the hand that feeds IT
