The only people who don't notify software developers of exploits they find in their systems are criminals. That the FBI are happy to act like black hat hackers in this is pretty amazing.
I'd be pretty amazed too if I wasn't jaded by knowledge of the history of TLAs (Three Letter Agencies, or more broadly Three Letter Acronym). I bet TLAs have quite the collection of exploits and vulnerabilities they don't tell you about. I'm quite sure some TLAs even acquire exploits on the black market. As if they don't.
I mean, for heaven's sake, "in Syria, militias armed by the Pentagon fight those armed by the CIA"[1]. And that's just the latest incarnation of this tired old worn out story.
Governments are nothing but the criminals we've decided we'd be better paying off than let run loose, whatever good it's done us. That's why governments are, ostensibly, so against 'organised crime', just a turf war really.
The only question left, then, is: What major bit of dumbshittery will government agency XZY slap itself in the face with next and get away with it.
There are probably few such criminals reading your comment now :)
There are sensible reasons not to report vulns, like utter incompetence of the system's owners or the system's security standing in the way of your perfectly legal activities.
I mean, for heaven's sake, "in Syria, militias armed by the Pentagon fight those armed by the CIA"[1]. And that's just the latest incarnation of this tired old worn out story.
Governments are nothing but the criminals we've decided we'd be better paying off than let run loose, whatever good it's done us. That's why governments are, ostensibly, so against 'organised crime', just a turf war really.
The only question left, then, is: What major bit of dumbshittery will government agency XZY slap itself in the face with next and get away with it.
1. http://www.latimes.com/world/middleeast/la-fg-cia-pentagon-i...