The Wassenaar Arrangement is frequently mentioned in information security (and vulnerability research in particular) since inclusion of computer code as dual-use good. The Agreement does not clearly specify what is and isn’t considered a controlled good that should be subject to export controls, making a number of security researchers and long-term thinkers rightfully concerned about the future of security research. The section on dual-use technology that’s relevant to software (not crypto) says: >‘4. A. 5. Systems, equipment, and components therefor, specially designed or modified for the generation, operation or delivery of, or communication with, “intrusion software”.