The double-edged sword of dual-use technology

This is an article by the security guru Bruce Schneier in Wired magazine. It explores the implications of global commercial technology (e.g. operating systems, browsers, firewalls, routers) that is increasingly being used by governments around the world to protect systems containing classified information. The dilemma is: if a national security agency discovers a vulnerability, should it keep it secret and exploit it against its enemies (with the risk they may be doing the same), or do they tell the product vendor so that everyone benefits from the fix (including commercial organisations)?