While gun control in the United States is a very passionate topic for some, cybersecurity weapons are freely available to those who have the inclination to obtain them. The recent disclosure of several cybersecurity tools (including the paid-for Cobalt Strike) may spark another conversation about the regulation of software. Should we be required to register and license cybersecurity weapons in the modern era?
The open-source nature of collaborative software development can lead to greater access for enthusiasts, professionals, and criminals alike. Some features are granted on a pay-to-play basis, and other software packages require an outright purchase and license to use. The ecosystems developed around Linux, Mac, and Windows are prolific with free software that is written for their communities, albeit closed source at times.
This freedom to obtain and use software may find itself regulated in the near future. There are accountability issues that arise from allowing cyber-weapons to fall into the hands of threat actors. If software engineers could find a way to make such software depend on an online library or function for registration, there may be a security control that could be applied.
Without advocating for controlling what is perceived as an open and free resource, it might be time to consider the registration of cyberweapons and their use online. When clients such as the U.S. Government become part of an attack from an Advanced Persistent Threat, it creates a window of opportunity to impart influence based on the open-mindedness of the affected. Not that drastic measures are warranted, but this could be the time to construct the shell of the conversation.