The National Security Agency (NSA) has used sensitive data on network threats and other classified information as a carrot to gain unprecedented access to information from thousands of companies in technology, telecommunications, financial, and manufacturing companies, according to a report by Michael Riley of Bloomberg. And that data includes information on “zero-day” security threats from Microsoft and other software companies, according to anonymous sources familiar with the data-swapping program.
The NSA isn’t alone in the business of swapping secrets with the corporate world. The FBI, CIA, and Department of Defense (DOD) also have programs enabling them to exchange sensitive government information with corporate “partners” in exchange for access to things like information on cyberattacks, traffic patterns, and other information that relate to network security.
The NSA’s dual role as the security arbiter for many government networks and as point organization for the US government’s offensive cyberwarfare capabilities means that the information it gains from these special relationships could be used to craft exploits to gain access to the computer systems and networks of foreign governments, businesses, and individuals. But it remains unclear just how much of a head start information about bugs actually gives NSA or whether companies actually delay posting fixes on the NSA's behalf.