The existence of these capabilities begs many questions critical to the future of cyberspace:
Should the NSA have told vendors like Cisco about these vulnerabilities?
What is the process for determining whether to retain or disclose them to vendors?
Do these revelations mean this process is broken?
How many does the U.S. government retain every year?
How big is the U.S. arsenal of such capabilities?
What should be done next?