Hacker News
by devonkim 3886 days ago
The government is already accused of being in bed with commerce all the time à la fascism comparisons; NSA helping companies directly like this could be viewed as favoritism for big companies and politically dangerous. Also, NSA's offensive mission is historically to attack nation-states aligned to the federal government's needs rather than to attack commercially motivated hackers. This is blurring with national security issues like espionage and economic terrorism coming into play, but this again raises the question of where the dividing line between helping private enterprise with tax dollars should go compared to doing something for everyone's benefit.

There is also a defensive side to NSA's mission that is defense-oriented (IAD), but the most recognizable contributions that most of the HN crowd may be familiar with are SELinux and perhaps a modest body of research involving how to secure your systems (the defense side is much more open than the offensive side). The problem I see there is that these measures are all very much aimed at large corporations, not start-ups (seriously, I can count the number of start-ups outside the intelligence / DoD space I've ever heard of that use SELinux or follow NSA hardening guidelines on two fingers) and there is clearly a huge gap between how much big businesses take security seriously compared to start-ups from both a cultural and business-driven set of motivations.

The number of start-ups derailed / completely wiped out by extortion attempts is rather small compared to the number that actually exist, but the legions of security consulting companies around the DC beltway want everyone to think that it's really terrible and that everyone's a target. The truth is that everyone needs to be secure "enough" to not be as vulnerable as the really stupid guys and that while it might sting a lot to be down for a few hours or so and lose revenue / trust from users, diverting your company's resources towards hardening so much is quite costly for smaller companies and it's just more practical to have really fast re-provisioning set as a priority for your devops / ops engineers (most start-ups can do this far better than larger companies).