He makes great points, but I intuitively feel like certain acts of creating and selling malware should be illegal, even if only by the spirit and not the letter of the law.
If someone manufactures guns, doesn't register them, and knowingly sells them to street gangs, it kind of seems like they're aiding and abetting illegal activities for profit.
Of course there are instances of selling malware you created to parties who generally won't use it illegally, but that's not what's alleged here.
Whether Hutchins truly violated the law, I don't know, but if the allegations are true then he did something very unethical and something I feel should be illegal.
Do you think there should be a market for building/selling malware? I feel like it would aid in zero day disclosures. But it could also incentivize black hats.
Fuck no. Malware and exploits are not the same thing. Anyone can write malware; you just have to have the stones and a broken enough moral compass to make money by immiserating strangers. There is an infinite amount of malware; we don't benefit from its "disclosure".
There is a market already, the only diff. from this case is who is the end buyer. If you are building a rootkit for Sony Entertainment to use on it's customers none minds much.