The Commerce Department's Bureau of Industry and Security guidelines are "tremendously overbroad, and appear to prohibit the sharing of vulnerability research without a license," says Electronic Frontier Foundation Executive Director Cindy Cohn. "This is incredibly dangerous; the same tools that are used to attack systems are also the ones we need to help discover flaws and attacks. BIS says it doesn't want to hurt vulnerability research, but its rules go much further than Wassenaar requires and further than other countries go. The result could be a complete backfire, making technologies we all rely upon less secure." (This week, BIS said its proposal was intended to curb the export of tools to control or develop what it deems intrusion software, but the technical clarification appears to have done little to assuage experts' concerns.)

Thursday, June 11, 2015
The Christian Science Monitor