As they say in the article, they hardly ever have to bother paying for exploits.
Perhaps that's what they say, but anything that NSA says is suspect. They did pay for them, and still do.
Yup, I did read Countdown to Zero Day, by Kim Zetter, which is largely about Stuxnet, but the book discusses the entire NSA cyber war program and its history. They are stockpiling hundreds of zero day exploits and they are not telling the software vendors, and they are even publicly arguing that this is a good idea.
There was a remarkable post last week
on stealing a person's identity via Amazon... https://medium.com/@espringe/amazon-s-customer-service-backdoor-be375b3428c4...
Well isn't that special?
The only issue I have with the notion that they shouldn't do customer support for people who can't log into their accounts is the one I often have when people say there should be a one-size-fits-all response regarding software: What about blind people who use screen reader software?
Amazon's website is not fully accessible to screen reader users. It used to be better but they recently made some changes. I frequently watch my wife, who is blind, struggle for up to an hour to try to find some simple piece of information on the Amazon site that I can find within a few seconds. When people complain about this, Amazon says, well you can always call for support on the phone. So now Eric Springer says she shouldn't be able to do that anymore.
And other websites are a lot worse than Amazon on that score.
Ken Dibble www.stic-cil.org