The problem with the gun analogy in your particular argument is that a 'cyber weapon' or exploit is the flip side of a flaw in normal software.
The NSA is in a very weird position because they have a task to protect the systems of the US (Information Assurance) but also to attack those of adversaries.
In this case I think they are legitimately to blame for failing to discharge their assurance duties. They've failed to properly calculate the risk of leaking the exploit and now US interests are harmed because of that failure. This is a direct result of stockpiling exploits and not exposing them to the respective software vendors. In my opinion the security of your own systems is more important the insecurity of that of your adversaries, which is why I believe that the hoarding is bad.
I'm not defending the NSA's poor security of bad strategic choices; the reason I use the gun analogy is that mass -production of weapons is as much the flip side of industrial production as cyber weapons are the flip side of normal software vulnerabilities.
Also, when you're under attack it might be more useful to worry about the identity and source of your attackers than where they stole the weapons from. Weapons facilitate aggression but are not the cause thereof, and we're not the only people who know how or maintain an interest in such weapons.
The NSA is in a very weird position because they have a task to protect the systems of the US (Information Assurance) but also to attack those of adversaries.
In this case I think they are legitimately to blame for failing to discharge their assurance duties. They've failed to properly calculate the risk of leaking the exploit and now US interests are harmed because of that failure. This is a direct result of stockpiling exploits and not exposing them to the respective software vendors. In my opinion the security of your own systems is more important the insecurity of that of your adversaries, which is why I believe that the hoarding is bad.