by crasp 3282 days ago
Somebody could have done that right now as well, but nobody has made them so far (or used them in any significant way that people know of).

Instead of (ab)using somebody else's mistakes to your own advantage (and possibly have it backfire) you could also tell that person about their mistakes so the whole world could benefit and there would be 1 issue less in the world to worry about.

1 comments

People have, in the past. The problem is that we will never remove all 0days until we stop releasing software. That's not to say we shouldn't try (to Quarrelsome's point), but eventually the stockpile today will be obsoleted by the stockpile of tomorrow. And if nation states didn't have a pile, the seedy side of the internet would, alongside trading botnets, credit card lists, etc. My point being that while noble efforts, it won't go away and we need to figure out how to deal with it.

Here's one reason such a stockpile could be used for good: say a previously unknown vuln is attacking "our" (whoever that is for you) infrastructure. The command and control has been traced back to a cluster that's vulnerable to one of the weapons in your stockpile. Now you can potentially disable it, stop it spreading, tell all of them to run an updated version of the code that essentially does nothing, etc. For all I know, this could have happened already.