The situation full-disclosure security measures is on its way to get worse, perhaps a lot worse, as governments try to introduce legislation like the international convention on cybercrime, which would criminalize anything from sniffing and using crypto on your own network to the possession and development of security tools, let alone remote network activities. Without calling this trend an evil government conspiracy, you can safely say that people working to advance such legislation are not acting in the best interest of security and e-commerce, not solely out of stupidity or lack of knowledge, but because there are lots of people getting advantages out of criminalizing benevolent security practice - think of new government jobs, legal powers over the security industry, and the possibilities for domestic surveillance.

If the government and the security community decides that consumers and users on the Internet, who are directly affected by the security of their peers, should not have the right to scan, then their only recourse will be legal.


[1] An example for this trend is the popular paper "Improving the Security of Your Site by Breaking Into it" along with development of the first widely-used security scanner, SATAN. More here.

[3] Legal liability for compromised systems that unknowingly participate in incidents, such as DDoS attacks, may be enforced more strictly soon.