The rules are already impacting security research, said Timpe.
HP itself was unable to sponsor mobile Pwn2Own at PacSecWest in Japan last fall because of the complexities of obtaining all the necessary import-export licenses. Earlier that year, the company spent months working with trade lawyers and government officials to ensure that Canada’s implementation of the Wassenaar Arrangement was not violated during the Pwn2Own contest held at the CanSecWest conference.
It is also affecting bug bounty programs, she said, such as HP's Zero Day Initiative, recently acquired by Trend Micro.
"The researchers would have to go to their government and get a certificate to export their work to another country, and the recipient has to get permission, and if the vendor is in a third country, we also have to get an export license," she said. "It just adds additional complexity and starts to drive researchers away. We have researchers all over the globe sending vulnerabilities to the U.S."
Sign up for CIO Asia eNewsletters.