
For the most part, any party the NSA might be interested in is going to be running an OS and an application suite that will also be used by Americans a whole lot. Probably even other government agencies.

So every zero day they find and weaponize is a zero day that they don't tell the vendor about. So to be able to be aggressive with exploits, they have to leave American computers exposed too, and hope nobody else has found the exploit. So even with the same budget looking for vulnerabilities, doing the right thing for one of their roles makes them worse for the other.

It's a bit like the encryption problem: An encryption system with a backdoor that the NSA has weakens American security too, because the backdoor itself is a valid intelligence target: Infiltrate the NSA, take the backdoor key, and anything the NSA can snoop into, someone else can too.

So doing both defense and offense without major tradeoffs requires having some kind of edge that nobody else can ever have: For instance, the rumored gigantic cluster that can crack specific SSH communications, which they expect nobody else to be able to replicate, just due to the cost of the hardware. That's a far more limited offense than what we know the NSA had at the time of the Snowden leaks.

So my guess, based on public information, is that they do trade-offs, and disclose the issues that they think are easier to find, while keeping around enough ammunition to have something against pretty much every target.


