And? What do you think they're spending those billions on? Giant computing centers in Utah and all the signals intelligence the entire country does --- all the satellites, all the underseas cable taps, all the deployments of hardware implants on Chinese military computers.
Exploit development is a rounding error in that budget.
Satellites and undersea cable taps fall to the NRO and the USN, though I'm sure the NSA pays for some of it. That is beside the point, though; the issue is the exploit-to-hardening ratio - not the exploit-to-everything-else ratio.
Yes, and the USG (and DOD) spend vastly more on hardening than on offensive security. By orders of magnitude; note plural. Both in opex and (particularly) capex.
Is the money being spent wisely? Different question. But: nobody really knows how to effectively spend 100MM on hardening (a nice round number I picked at random).
Nothing would make me happier than to be able to take your word for it, but I think your definition of "hardening" might be incredibly broad. DoD funding Ada development, SELinux, rainbow series, cyber grand challenge - hardening. DoD buying firewalls and maintaining Oracle licenses isn't hardening.
No, it isn't - it is basic network administration, and it does nothing to advance the state of the art. That is a bad faith interpretation, especially when considered in the context of offensive development. You're putting license maintenance in the same category as TCSEC, which broadens "hardening" to the point of losing all meaning - hell, throw in the cost of electricity to power the firewalls.