When we did Driven2pwn in UAE, I had to set up a makeshift SCIF-lite to keep exploits out of anyone’s hands except the researcher & the target vendor to avoid leaks, even from the multinational judges.
It was in defense of the Internet & to keep hacking contests from being banned https://twitter.com/runasand/status/1390264269703417858
Y’all have no idea how much regulators wanna regulate creation, use, demonstration, release, & sale of exploits.
Yes, internationally they do bring up the US’ famous tool leaks among other concerns.
This example will increase some countries’ desire to lock down domestic research.
While we may see an increase in local hacking competitions per country (good), expect that increase to feed directly into a host country’s immediate cyber arsenal (bad, if you’re anyone that country doesn’t like & now they have fresh 0day).
Global research sharing is endangered.
Why not hoard exploits per country? With as much shared technology in the world’s OSs & major software, exploits aren’t that easy to keep trained on one’s enemies & out of your or your allies’ systems. Defenders are better off sharing exploit knowledge to build defenses globally.
So what can we do, given an increase in pressure & inevitable gravity of regulation pulling countries toward banning domestic research from escaping state offensive use?
If you’re asked, explain that hackers who don’t want their work used this way have an alternative: drop 0day.
Won’t that make their exploits likelier to cause damage? Yes & no. A public exploit used widely is fixed promptly & users know they are at risk & what to look for. An exploit used quietly by a nation can get targets killed - a fact hackers will have to weigh upon their conscience.
I hope we’re able to continue exploit contests around the world. I hope this latest revelation won’t drive regulators to attempt similar commandeering of security research in their own countries, restricting researchers via export controls.
We need to share knowledge for defense.
You can follow @k8em0.