This paper analyzes a recent debate on regulating cyber weapons through multilateral export controls. The background relates to the amending of the international Wassenaar Arrangement with offensive cyber security technologies known as intrusion software. Implicitly, such software is related to previously unregulated software vulnerabilities and exploits, which also make the ongoing debate particularly relevant. By placing the debate into a historical context, the paper reveals interesting historical parallels, elaborates the political background, and underlines many ambiguity problems related to rigorous definitions for cyber weapons. Many difficult problems remaining for framing offensive security tools with multilateral export controls are also pointed out.