> The NSA shouldn't just be an attacker it should also provide defence.
Uh, it actually does exactly that. That is the second major mission objective of NSA, is to ensure that the USA's own communications are secure. For example, the SHA-1 hash standard that underpins much of our cryptosystems was developed wholly by NSA as an alternative to MD5 (which was apparently even at the time thought to be weak at NSA).
However there's a difference between ensuring that the theoretical underpinnings of COMSEC are adequate and releasing 0-days. There will always be exploits in web browsers used by people, so NSA is not "helping the citizens" by releasing each and every one of those secretly to browser developers. They can effectively only hamstring them own mission goals by doing that.
Uh, it actually does exactly that. That is the second major mission objective of NSA, is to ensure that the USA's own communications are secure. For example, the SHA-1 hash standard that underpins much of our cryptosystems was developed wholly by NSA as an alternative to MD5 (which was apparently even at the time thought to be weak at NSA).
However there's a difference between ensuring that the theoretical underpinnings of COMSEC are adequate and releasing 0-days. There will always be exploits in web browsers used by people, so NSA is not "helping the citizens" by releasing each and every one of those secretly to browser developers. They can effectively only hamstring them own mission goals by doing that.