Re: I won't sell you a weapon...
I see your point but I don't think it is as hard to draw the line as you think.
Wassenaar is not about stopping a gangster buying a gun. It is about stopping nation states buying extremely high-level weapons to use against other nations or their own people.
So, it really doesn't need to be about preventing access to knowledge of vulnerabilities (after all, any information available in the US will be easy to get hold of elsewhere). Nor is it about stopping crooks building new attacks. It isn't even about stopping "bad" nations from creating their own "Hacking Team" -- as long as they are having to do their own development they will be some distance behind us. It is really about stopping commercial entities (such as the real Hacking Team) from developing and selling weapons to anyone who can pay.
I think the issue will be over defensive uses: does Wassenaar really want to stop Microsoft, etc selling defenses against our weapons.