Thanks to the advocacy of many industry and privacy groups, the Obama Administration has finally listened and is rewriting its controversial zero-day export policy (emphasis added):
For two months, security researchers have been fighting a controversial export policy known as the Wassenaar Arrangement — and now it looks like they may have won a crucial battle in that fight. In a closed-door meeting this morning, a Commerce Department representative said the agency’s Wassenaar-inspired export controls were currently being rewritten after the comment period ended last week. The new version will be “quite different,” according to a Commerce official quoted by PoliticoPro, and will be followed by a second round of public comments.
First laid out in May, the Department of Commerce’s new export rules were controversial from the start, with many in the security community saying the rules would make it impossible to develop and deploy benign security tools. Companies also raised concerns that the rules would hamper international bug bounties, which are now a common security practice among software vendors. Commerce held a two-month comment period on the proposed rules, in which time Google, Facebook, and dozens of other companies filed comments critical of the regulations as written. Now that the comment period is closed, it appears Commerce took those criticisms to heart.
The outstanding question is this: how much of the policy will be rewritten to address the many real concerns with the original draft?