I always find Bruce Schneier worth listening to, and this article is no exception.

He argues that the NSA has been lying (or at least been highly misleading) in what it has said about its treatment of 0-day exploits in hardware and software. He goes on to say that this makes us all less secure; since everyone uses the same software, either we're all safe or none of us are (be that individuals, corporations, or governments).

While he suggests that more government oversight (and even a breaking up of the NSA) would address this, he certainly recognizes how politically unlikely that is. But I think he's overly optimistic even in his suggestion that this would help: it seems pretty clear that the intelligence community is willing to lie to Congress and the Executive, so I have little faith that more oversight would make much difference.