NSA Discloses “Most” Zero-Day Exploits

Here’s a fun read about the NSA claiming that it discloses most of the zero-day vulnerabilities that it finds. For those who don’t know, “zero-day” vulnerabilities are weaknesses, typically in software, that aren’t publicly known. That also means that no patches exist for them, so they are coveted and worth a lot of money within the security industry.

The article quotes some security experts who are calling BS on this claim; in fact, some vendors, like the one that develops the Firefox browser, are claiming that they have never seen a single disclosure come in from the NSA. And I can see where there might be doubt: the NSA is in the game of intelligence, so if you have a zero-day that you can use to further your advantage, why wouldn’t you? Other countries’ security agencies probably wouldn’t.

So what I am saying here is, if the NSA does indeed disclose and report the zero-day vulnerabilities it finds, good on them. But if they don’t, I completely understand as well.