What should be the law enforcement model for the internet? A police force that patrols and investigates to prevent and fight crime? An armed force that develops an arsenal and deploys troops to trouble spots? A spy agency that secretly infiltrates hostile or potentially-threatening organisations to destroy them efficiently and covertly from the inside? Private fiefdoms with individual guard troops to defend just their own territory? Something else entirely?
It matters how we think of this, because it affects the way we treat the internet as a resource and the threats we find there. If we imagine a war metaphor, we will talk about collatoral damage, attacks, strikes and operations of attack. If we talk about spies, we prioritise exploiting vulnerabilities instead of fixing or reporting them. Right now, we're working with a mix of everything I've mentioned.
Mokalus of Borg
PS - Personally, I believe it should be a combination of police and private security.
PPS - And that unfixed vulnerabilities make us all less safe.