The Wassenaar Arrangement, signed by 42 nations, can be implemented differently by each of these nations. Hackers are worried that exploits are controlled by these arms controls and will be punishable.

Leaving 0-day exploits in the wild or unpublished is not good for IT security, as only the people who have them can use them and there is no incentive to report them to the makers of the software, or for the makers to fix them (if they know about them)

Hackers fear arms control pact makes exporting flaws illegal • The Register.