In fairness, certain U.S. government agencies have the ability to compel software companies not to disclose or even fix flaws in their products, so long as they pose an interest to national security. Once these flaws become public (enough that they are exploited by malicious actors), security is compromised and a fix may be issued.
See also "warrant canary".
Sadly, nobody cares that the U.S. did it first. We made it illegal to speak truth to the public about actual invocation of this law, so it must be good.