Also decriminalisation of software security research public image must happen and it needs some serous PR effort backed by a solid industry association or stakeholder. Otherwise big fish will PR-down all the small fish into regulation network woven by itself.