Hacker News
by 55555 1879 days ago
I know this would be hard to keep under wraps, and extremely difficult for closed-source software, but it seems like the right answer here would be for the NSA to create patches for government use.

If the government only used open-source software, the NSA could create patches that only the government would use, while keeping zero days that can be used against everyone else.

If the government started requiring all/most software to be open-source, it would create a market. There's no way big government vendors would refuse to create open source software. They would just shift to monetizing more heavily using consulting services, or support, or something.

2 comments

I think this would be even worse. The number of people that would need to have access to the patched versions would be too large to effectively secure, and the patch would deliver knowledge about the vulnerability to any potential attacker. Government computers would be protected, but contractors and other businesses would be placed at higher risk.
Doesn't SELinux provide some of that?

Tightly enclose all running software with a beyond-root, kernel-level authority/sandbox, so that even vulnerabilities only we know about can't harm us if they're discovered?
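The "beyond-root, kernel-level" confinement the last comment asks about is what an SELinux type-enforcement module looks like in practice. The module below is an added illustration, not code from the thread or from any SELinux project: the daemon name `mydaemon`, its types, its port and its data directory are all hypothetical, and the interface names follow the SELinux reference policy. The point it shows is that the domain is only ever granted what is listed; anything absent (reading `/etc/shadow`, writing `/etc`, opening other ports) is denied by the kernel in enforcing mode even if the process runs as uid 0, so a bug in the daemon that nobody has patched yet still cannot reach those objects.

```selinux
# mydaemon.te -- hypothetical confined-daemon module (reference-policy macros)
policy_module(mydaemon, 1.0.0)

# A domain for the running process and a type for its executable.
# Interface names (init_daemon_domain, files_type, ...) are refpolicy interfaces.
type mydaemon_t;
type mydaemon_exec_t;
# When init runs a file labelled mydaemon_exec_t, the process enters mydaemon_t.
init_daemon_domain(mydaemon_t, mydaemon_exec_t)

# Private state under /var/lib/mydaemon, labelled with its own type so that
# neither this domain nor any other can touch files it was not given.
type mydaemon_var_lib_t;
files_type(mydaemon_var_lib_t)
files_search_var_lib(mydaemon_t)
manage_dirs_pattern(mydaemon_t, mydaemon_var_lib_t, mydaemon_var_lib_t)
manage_files_pattern(mydaemon_t, mydaemon_var_lib_t, mydaemon_var_lib_t)

# Process basics: fork and signal itself, nothing more.
allow mydaemon_t self:process { fork signal_perms };
allow mydaemon_t self:fifo_file rw_fifo_file_perms;

# Network: create TCP sockets and bind only to the http port (80, 443, ...).
allow mydaemon_t self:tcp_socket create_stream_socket_perms;
corenet_tcp_bind_generic_node(mydaemon_t)
corenet_tcp_bind_http_port(mydaemon_t)

# Generic system access most daemons need in order to start at all.
files_read_etc_files(mydaemon_t)
miscfiles_read_localization(mydaemon_t)
logging_send_syslog_msg(mydaemon_t)

# Deliberately absent, and therefore denied regardless of uid:
#   auth_read_shadow(mydaemon_t)        -- /etc/shadow stays unreadable
#   files_manage_etc_files(mydaemon_t)  -- /etc stays unwritable
#   corenet_tcp_bind_all_ports(mydaemon_t)
#   corecmd_exec_shell(mydaemon_t)      -- no shell spawning from the domain
```

The matching file-context file (`mydaemon.fc`, not shown) labels the binary as `mydaemon_exec_t` and `/var/lib/mydaemon(/.*)?` as `mydaemon_var_lib_t`; the module is built with the `selinux-policy-devel` Makefile (`make -f /usr/share/selinux/devel/Makefile mydaemon.pp`) and loaded with `semodule -i`. Two caveats a practitioner would check before relying on this: `getenforce` must report `Enforcing` (in permissive mode the denials are only logged as AVC messages, visible through `ausearch -m AVC`), and the daemon must actually be started through init so that the domain transition happens; a binary launched from an unconfined root shell stays in the caller's domain.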