On the one hand, retaining a zero-day vulnerability undercuts our collective cybersecurity. On the other, disclosing a zero-day so vendors can patch it undercuts intelligence agencies’ ability to conduct digital espionage, the military’s ability to carry out offensive cyberattacks, and law enforcement to investigate crimes.
