Right. I don't think bounties like this alarm NSA in any way. In fact, since NSA probably believes it has a practically unlimited capability of acquiring Windows vulnerabilities, the bounty probably helps, by taking the heat off them and the intractable notion of a "vulnerability equities process".
I think it's more important to remember the NSA's primary goal in other security conversations. What you really don't want to do is propose protocols that leave plausible-but-difficult attack vectors for NSA, because "plausible-but-difficult" is probably inscribed in Latin on some seal somewhere in Ft. Meade.
I think it's more important to remember the NSA's primary goal in other security conversations. What you really don't want to do is propose protocols that leave plausible-but-difficult attack vectors for NSA, because "plausible-but-difficult" is probably inscribed in Latin on some seal somewhere in Ft. Meade.