It seems really hard to find grounds to sue these spyware vendors that don't equally apply to security researchers doing the kind of work that makes spyware less viable overall.
That is not a realistic concern with most major vendors. Apple, for example, has clear guidelines on what security researchers are allowed to do. Anyone who follows those guidelines won't be sued.
But they don't have to do that. They can choose to sue spyware vendors and not sue security researchers who have technically violated the same provision.
> It’s pretty easy to brand security researchers as malicious if you don’t like them.
OK.
But it's in Apple's interest to work with them. Because the alternative is that the 0-day exploits get sold to companies or countries that aren't Apple.
No such synergistic relationship exists between Apple and spyware vendors.
