A 0-day is immediately applicable for offense and must be immediately patched for defense.
This outlines why there's a problem with a single agency tasked with offense and defense. If you had an agency tasked only with the defense of US infrastructure, it would have a clear mandate to patch zero days. Any "offensive" agency would have to deal with it doing this (just as such offensive agencies deal with zero days being patched by others).
It seems entirely reasonable to prioritize protecting US infrastructure over the possibility of a spy agency culling another nation's secret.
Legal mechanisms for one-way doors seem possible. The offensive agency can communicate info about 0 days to the defensive one, but not the other way around.
Except bureaucracies are going to do what they do. The offensive agency will hold back information, and when an attack occurs on the defensive agency, calls for bringing the defensive agency under the umbrella of the offensive agency will be made.
Brats fighting over resources while Mom just wants to sleep. It's not their fault, it's the nature of political organizations.
Sure, you could fix it with centralized oversight and stringent information sharing rules. But eventually you're either strangling them with rules or building one conceptual agency.