I was reading about how Estonia and Ukraine were victims of all these client-side hacks from the Russian government which Kaspersky magically couldn't detect. I think it's pretty obvious they're in cahoots. I imagine these governments are no longer running Kaspersky.
Brian Krebs also writes about popular malware that first does a check to see if it's being run on a computer in Russia. If so, it stops running. There's a lot of government-sponsored malware coming from Russia. There's a public-private partnership to put profitable malware on non-Russian computers and Russian officials turn a blind eye due to corruption, bribes, etc. It's all fairly ugly.
Every security vendor is aligned with its "host" nation, that is how business works.
Not to mention that it's one of the few sources for these types of enterprises to recruit from in the first place.
Most of the security software coming out of Israel like Checkpoint goes even beyond that and is actual code that was written in the IDF and was released for commercial use.
The NSA also has a technology transfer program that enables commercialization of many technologies which were invented or developed by the NSA; they also release quite a bit of their TTP software as open source.
I think you're certainly overstating the case here. We don't see US derived malware being ignored by the USG. In fact, almost all high profile hacker arrests stem from US investigations. US researchers are the ones who take out Russian and Chinese botnet C&C servers. We see almost no action on the nation states that profit from malware, namely Russia and China.
On a cyber weapons level, who knows, but citing things like TTP which releases to FOSS or Israel's defense industry as a sign of corruption is asinine and not remotely comparable to what is the status quo in Russia. Cyber weapons will always be here and, when used correctly, can't be detected by signature based AV because they have no idea what to look for and the exploits they use are typically zero days. Stuxnet used, I believe, 3 or 4 different zero day attacks.
Nor did you bother to read the Kaspersky articles where the proof is laid out in a pretty obvious way. I think it's foolish to knee-jerk to "Oh Russia does this, so must everyone else." Certainly there are degrees of corruption, and Russia is on the extreme end of this scale. Brian Krebs and Tavis Ormandy aren't on some NSA payroll to make Russia look bad. Russians do that for free. Let's stop playing the "every government is the same" card. It's been historically untrue.
>Every security vendor is aligned with it's "host" nation
Also, I really doubt the guys writing rules for Snort, ClamAV, mod_security or OSSEC are aligned with anyone. Your view is incredibly cynical and very much an example of the disingenuous tactic of "whataboutism" Russians use to defend their wrongdoings. Those rules are public; pray tell, which ones are NSA backdoors? I suggest you come up with some proof if you're making such accusations. The articles I linked to about Kaspersky are significant and well-researched.
edit: I can't reply below so I'll type it here. Clinton-era crypto limitations are a non-issue. Clinton lost the crypto wars after the Clipper chip was never passed or funded and after Phil Zimmerman wrote PGP and helped end crypto restrictions. I'm talking about things happening right now. Whining about things from 20+ years ago is neither helpful nor relevant. Use whatever crypto you like.
Ok, is "every commercial security vendor of significance" better?
RSA and other security vendors had to introduce work reducers for the NSA in the '90s because that's what was mandated to them to be able to export their software.
Being aligned with national interests doesn't mean introducing backdoors; it means cooperating with them. Considering the breadth of knowledge that a national organization has and their resources, it's a mutually beneficial relationship in most cases.
It's not conspiracies, it's the simple fact. It's like universities doing research for national defense, that's a given fact, but you don't expect Saint Petersburg Polytechnic to perform research for DARPA just like you don't expect Caltech to do research for the Russians.
Nowhere did I hint that it's a sign of corruption or that I even see this as a negative thing, as I don't on both counts.
This is the simple reality of how businesses and academia work for national interests and I'm not sure what's surprising about this.
We do see US government malware being ignored by US security firms. Why do you think it's always Kaspersky and other non-US companies that report stuff like Duqu?
I wouldn't go as far as claiming that US agencies are putting gag orders on such investigations.
Symantec did a very extensive study on Stuxnet; they were the ones that confirmed that it was intended to damage the centrifuges by fooling the industrial motor controllers.
What is more likely is that a national intelligence organization will use the local security vendors for counter-intelligence purposes, i.e. tipping them to suspected cyber intelligence operations that they've identified through other means.
This is a much more likely scenario than simply telling them not to talk about certain malware; it's easier to enforce and it provides them with both deniability and a more favorable outcome.
Geopolitics also plays an important role here; different vendors have different market share in different regions.
Kaspersky for example is more common in lower-income countries, as well as countries that are under direct US sanctions like Syria or Iran, or countries to which US companies will have a hard time exporting or developing their market due to past relations.
So when you have a virus that infects many machines in Iran or Syria, if any of the computers are running fully licensed and supported commercial anti-virus software, it won't be Symantec or McAfee they'll be running but rather Kaspersky or some other non-US/Western software.
I feel pretty much this is the case as well, hence my relative trust in Kaspersky for my own use. US/Israel never detected Stuxnet either :), it's a big geopolitical chessboard and anti-virus companies are knights that fight for their own color; they're not neutral.