An interesting article: http://www.computerworlduk.com/news/security/3406221/dutch-government-let-law-enforcement-hack-foreign-computers/
Dutch Minister of Security and Justice Ivo Opstelten outlined the government’s plan to draft a bill in upcoming months that would provide law enforcement authorities with new investigative powers on the internet.
The proposed legislation would create an incentive for governments to keep software vulnerabilities secret because they would need to exploit those vulnerabilities to attack systems used by cybercriminals, van Daalen said.
My comment is that the Dutch are only doing it publicly!!
In the physical world, law enforcement has been using physical security weaknesses to plant bugs in homes and workplaces and collect information about people under investigation (assuming they have the legal authority and appropriate approval to do it). In terms of law, this extension to cyberspace seems logical. However, I don’t think the police would advise the building safety folks to stop fixing problems in the building so that they could do their job well.
Controlling the public disclosure of vulnerabilities (that already have a patch or workaround) in favour of the successful execution of such a law would be a serious security concern. Law enforcement, by nature of their profession, has the fundamental responsibility of protecting public safety. Catching a criminal by exposing millions or billions to danger contradicts what they set out to achieve in the first place.