The interviewee also comments that every few lines of code contains a bug. Having contracted for many companies over the years, and seen a great deal of source code, I can’t argue with that. Very few programmers even properly understand the language they use. But there’s one hell of a difference between a bug and an exploit. An exploit is a bug you can get to and abuse. Yes, I can believe a quantity in a normal product, but tens of thousands? Really?
Anyway, all that is beside the point. The spy agencies absolutely have to firefight attention away from the message put out by Snowden’s leak. This means putting out lots of other stories, and I reckon this is one such. There will be elements of truth in it, given the best lie is the truth, but given the goal is attention, there will be exaggeration. That’s another reason I doubt ‘the tens of thousands of zero–days bugs in single applications’.
But I reckon there’s an unintended consequence in this. Another message that comes out of all those zero–days is that the attackers have the overwhelming hand, so there’s effectively no chance of being able to defend against attack. In other words, why bother? And since the article also says the secret squirrels themselves don’t bother, the message that ultimately comes out is that defence as defence is hopeless, but that offence works, so the only defence is offence. Cue far more commercial and criminal arming.
Anyway, there’s going to be lots of checking out colleagues of Snowden, and some jobs will no doubt be lost. There’s always a need for recruiting new people, even more now. This story reads rather like a Stross novel; it’s rather exciting, just the right background for recruiting young, impressionable, shapeable minds. So I reckon you should read this article as an ad for vacancies for the young, naïf & clever.