If there were actually a government body that cared about "cyber"-security, they'd be hauled up in front of it. They're basically an infosec Bhopal - creating a toxic mess that other people have to clean up over a period of decades.
In essence there are not critical US systems running on Flash and so the defensive side of NSA don't care. And the offensive side is just happy to let it rot, as that means more opportunities for them.
The thorn in the side of removing Flash has been VMware, who, in their latest vSphere 6 release, clearly made the point that "Flash is the future", with announcements towards deprecating their alternative clients.
I don't understand what they are thinking - it used to be such a progressive company.
I don't know about US Government, but many Governments and sensitive organisations are still using VMware, and this isn't likely to change.
But "thanksfully" they've switched to WordPress on the Whitehouse site and hired the maintainer , so they are improving netsec on THAT front. :)
Which is actually a good thing for hosters worldwide.
