In 2013 the NSA added a new $25.1 million line item to its classified black budget. That was how much it planned to start spending each year to procure “software vulnerabilities from private malware vendors.” By one estimate, that would enable the agency to purchase as many as 625 zero-days a year, in addition to the vulnerabilities the agency was developing in-house.
