While NSO is, of course, not a good group, I think the larger problem is how prevent these exploits are. If NSO didn't find them, someone else would. I don't consider NSO to be the big problem here.
Is this the standard we apply to other cyber-criminals? Or any crime for that matter?
Do we ask how vulnerable the victims were? And how we should make them less vulnerable and give a free pass to the aggressors?
I'm not saying anything about the vulnerability of the victims of these attacks. I'm saying it's absurd how the trillion dollar corporation fails to protect them. NSO should be stopped, sure. But don't kid yourself — someone will take their place immediately for as long as these vulnerabilities continue to exist.
