Several tools released online over the weekend remain unfixed.
Compromising the security of companies at home in order to spy on others seems hypocritical. When the news that the agency spies on citizens came out, a large part of the agency’s defense of their actions was that it was for heightened security. Compromising that very security just makes their tactics dangerous.
It is however understandable that the agency would want to use security gaps to their advantage. Though to keep companies in the dark even when they have no more use of such gaps is dangerous, because it leaves open a spot for someone else, potentially a perilous someone else, to take advantage of those very issues.
But if there really are hundreds of problems within codes, then the NSA exploiting a number of those does not heavily endanger the system considering the rest are still unknown and ripe for the picking.
The fact that these tools are out is more perilous because the agency’s process as well as the issues are open to the public. Now people know what is happening, but how does that help? Both the public and potentially very dangerous people understand how the NSA implements cybersecurity, as well what tools they use, and how they decide what to piggyback on. It seems, at least in terms of one perspective, that a significant part of their playbook was released for all rivals to see and take advantage of.
That being said, their actions are still chancy.
Source: NSA’s use of software flaws to hack foreign targets posed risks to cybersecurity