They want to know as much about us as possible, and sometimes that requires them to find vulnerabilities. At what point do they decide that leaving the vulnerabilities open for them to exploit is less important than helping companies plug the holes?
In a frank discussion about the government’s approach to vulnerabilities in cyber-infrastructure during a Washington Post Live summit Thursday, former NSA chief Michael Hayden said the agency is not always “ethically or legally compelled” to help fix flaws it knows about. If the agency thinks that no one else will be able to exploit a vulnerability, it leaves the problem unfixed to aid in its own spying efforts. That approach might be convenient for the NSA, but it needlessly endangers the security of Americans’ computers.