[doe_eyes]

They're rich, don't hold civil liberties in high esteem, and don't have a lot of in-house expertise. So, yeah - along with some neighboring states, they're a buyer for tools they use to target journalists, dissidents, etc.

China and Russia are on the same boat, but they are far more capable with in-house tech.

[Ozzie_osman]

OK i see, re-reading this with your top level post is "not all vulnerabilities are the type that could be bought by (insert state actor)", which makes sense (for some reason I thought you meant that they were buying the type of bugs that would end up getting reported to a BBP, but I just misread the original comment).

And yes the Saudis definitely bought software from NSO Group but it's also been used by plenty of other governments, including half the EU...

[borski]

Also, just to be clear - the US gov buys tons of zerodays.

[shortsunblack]

NSA banking EternalBlue was the reason for Wannacry ransomware proliferation, which killed people due to downtime of hospital systems.