* Publish a list of vulnerabilities to manufacturers first and, in time, to the public.
* Make an open-source scanner that reports (to the user) vulnerabilities in user's hardware / software.
* Spread awareness about security to the general public. This includes making them aware of the above two, as well as low-hanging fruit such as "stronger passwords", "don't reuse passwords", etc.
* Have regulatory bodies that shame / ban manufacturers that don't publish security updates. I am not a fan of regulation, but this is much more appropriate regulation than banning manufacturers for designing rounded corners around screens.
* Create an agency where white-hat hackers can independently submit their findings and sponsor their work.
These are just off the top of my head; would love it if someone criticizes them.
There are some interesting ideas in here. Comments:
* Even private vulnerability research venues don't reliably publish to the public. When vendors pay bounties, they often keep the vulnerabilities quiet.
* NSA already does security awareness. For instance, they publish a highly-regarded series of documents on secure standard configurations for Unix and Windows systems.
* NSA can't regulate industry; they have no such authority.
* You're really comfortable with the idea of NSA outbidding private venues for vulnerabilities? (Note that the USG already does sponsor "white hat hackers" through the DARPA grant system).