Oh, I see. The way it read was just confusing.
That would be a decent chunk of their overall budget then. To me, that activity is the worst of the revelations about the NSA. It’s one thing to work on discovering security exploits, or even planting them in a target’s systems as is reported here. I expect the government to be doing this sort of thing (to foreign bad guys). But to intentionally create exploitable flaws in standards and commercial products is an outrage.