I’m struck by an analogy regarding the recent laws prohibiting the possession of “hacking” knowledge.
Supposedly, we in the infosec community should not be seeing the effects of compromise. We’re not supposed to gather password lists. We’re not supposed to look at data dumps for clues about the attacker.
Isn’t this like keeping medics off the battlefield?
It’s not like the war is stopping. It’s not like the carnage pauses when there are laws against looking at it. And who else is there to do the defending, if not the infosec professionals?
Law enforcement? That sounds nice, but they’d need tens or hundreds of thousands more in their ranks before it could be seriously considered, and that’s not going to happen.
It’s patently ridiculous to prohibit the information security professionals of the world from seeing and dealing with the artifacts of malfeasance. It can never help. It can only hurt.