[wuest]

Yeah, this is pretty likely. It's a dangerous road to go down, however, as regulatory bodies can be far from impartial.

It's a difficult issue to properly address. I think the right method to go about it is to punish actions, rather than possession of tools. On some level, simply having the ability to write software makes one suspect, if you start scrutinizing tools. Actions (compromising boxes and running exploits without permission of the owner of the host, advertising explicitly criminal use of software) are easy enough to define, and it's easier to define an exclusive list of "bad" actions, than to come up with generalizable rules.