"When Federal agencies discover a new vulnerability in commercial and open source software – a so-called “Zero day” vulnerability because the developers of the vulnerable software have had zero days to fix it – it is in the national interest to responsibly disclose the vulnerability rather than to hold it for an investigative or intelligence purpose."
This is demonstrably false. That's not even a point of debate, by their own admission.
That was my first reaction too. I'm probably late to the party on this, but when I saw the tumblr domain I thought it was some kind of satire at first.
Second:
"When Federal agencies discover a new vulnerability in commercial and open source software – a so-called “Zero day” vulnerability because the developers of the vulnerable software have had zero days to fix it – it is in the national interest to responsibly disclose the vulnerability rather than to hold it for an investigative or intelligence purpose."
This is demonstrably false. That's not even a point of debate, by their own admission.
The whole statement is worthless.