Smith (below, right) was reacting to the Windows ransomware attacks over the weekend that caused companies around the world to go into meltdown, unable to use their systems to get any work done.
The attackers used a vulnerability in Microsoft's Windows operating system and an exploit developed by the NSA and leaked by a group called Shadow Brokers in April to create ransomware that also had a worm element and spread on its own to vulnerable machines.
In a blog post on Sunday, Smith went through the entire scenario, in an attempt to keep his criticism of the NSA and CIA till almost the end of what was a long post.
"Finally, this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem," he wrote.
"This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world."
Smith's reference to the CIA was about the Vault 7 document dumps that WikiLeaks has been making since 7 March. All have been about exploits for mainly Windows systems.
"Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage," Smith went on.
"An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen.
"And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cyber security threats in the world today – nation-state action and organised criminal action."
Microsoft post is a ton of bullshit when the main failure was patching not the vulnerability. It's also their failure with patching issues.— The NSA monster (@osxreverser) 14 May 2017
And he added, "This is one reason we called in February for a new 'Digital Geneva Convention' to govern these issues, including a new requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them."
Photo: courtesy Microsoft.