"This was the first time that Microsoft has credited the NSA for a reported security vulnerability."
I read somewhere, it wasn't the first time the NSA has told MS of a vulnerability, but previously they'd refuse to be named as the reporter. And this time it seems someone thought "Hey we can score some PR points here and be credited as the heroes!".
> The fourth was a decision at the National Security Agency to focus not on making computer networks more secure through defensive strategies, but to focus on offensive capabilities. The NSA wanted to be able to hack our enemies when they use our own software, and that meant keeping our software shitty. Essentially the shadow regulator of software security became our spies, and they regulated to ensure there would be more vulnerabilities, not fewer.
What's the best evidence for this? Particularly of "a decision" and "they regulated" -- beyond the hoarding of zero-day vulnerabilities mentioned later.
As a federal agency, they are consulted by other federal agencies. So they are an advisor and regulator in the government space.
They are secretly able to modify/control what private companies do globally, and have done so for decades, so they are a shadow regulator in the non-government space.
I read somewhere, it wasn't the first time the NSA has told MS of a vulnerability, but previously they'd refuse to be named as the reporter. And this time it seems someone thought "Hey we can score some PR points here and be credited as the heroes!".
And they've even called it "Turning a new leaf".