A good time to remember the actual policy of the US government on 0-days (the so-called VEP), which is more nuanced than the tinfoil hat crowd is willing to understand. https://epic.org/privacy/cybersecurity/vep/
Interesting read. Anyone know where the vulns disclosed under so-called VEP are listed? Effectiveness the VEP policy, which the FBI directory calls "informal", would be measurable now when comparing disclosed via VEP vs undisclosed/disclosed via leak.