[JumpCrisscross]

> It's like saying peace is trendy and we should not try to go weaponless

In physical warfare, the only way to increase your defensive (i.e. deterring) military advantage, relative to an adversary, is to add better materiel. (The other option is to reduce the adversary's material, i.e go to war, which itself requires a military advantage to make sense.)

In "cyber," that's not the case. A hoarded vulnerability may end up being used against your own country. Adding vulnerabilities to your stockpile increases your offensive capability while simultaneously forcing you to leave an opening in your defenses unrepaired. We don't have a good analogy for this in meatspace, which is why it's hard to debate at the political level.

I don't think all vulnerabilities should be automatically extinguished. At the other end of the spectrum, the NSA hoarding bugs in the software that runs disproportionately American infrastructure systems is patently silly.