Infosec firms oppose 'misguided' exploit export controls

A group of IT security vendors have joined forces in an effort to stop the US government from instituting new export regulations that aim to restrict the trade and operation of intrusion software used by hackers.

High-profile infosec companies Mandiant, Symantec, WhiteHat, SynAck and Global Velocity are among those behind The Coalition for Responsible Cybersecurity.

According to the coalition, the proposed new rules under the Wassenaar Arrangement mean a license would be required to perform defensive testing for businesses.

Cybersecurity collaboration and research would be curtailed as network testing and information sharing across borders would be hindered under the rules, the coalition argued.

Kaspersky Labs noted that researchers are already self-censoring their work as a result of the proposed introduction of the export regulations.

It pointed to the example of UK student Grant Willcox, who removed portions of his dissertation, including the code for the exploits he studied, in fear it might violate the regulations.

The proposed rules could also catch tools for cybersecurity and network monitoring, treating them like weapons, the coalition claimed.

Instead, Mandiant argued, such tools were "absolutely essential for every company and government that has been targeted by hackers."

The added bureaucracy for intrusion testing, tool licensing, limits on information sharing and other obstacles introduced by the rules would put the US and the world at greater risk from hackers, the coalition said.

Earlier this week, the International Association for Cryptology Research launched a petition to protest against Australia's export control laws, which threaten to make it illegal to sell or distribute even comparatively weak encryption outside the country.