Europe's malware industry has mostly been legalised in the name of fighting (narco)terrorists and pedos:
E.g. on this "legalized" end of the spectrum Netherlands, Italy, UK, Germany, Switzerland, France, all have _very_ active companies and strong talent pool for offsec skills and what is "legal malware" (Bundestrojaner varieties like Mini/Mega-Panzer, etc).
ETSI in France works hard so that the term "malware" doesn't even enter language (instead it's middleboxes like eTLS or standards covering the framework of Lawful Interception). The countries listed have strong relation between offsec vendors and consultants and the IC. E.g. Kudelski Security in Geneve prides itself on breaking phones, supplying tooling and a lab to Europol. HackingTeam, Gamma International, EncroChat, Sky ECC, Vupen, ... = all European.
The EU countries which have (some) talent but lack the jobs are often "painted as corrupt" backwaters where "everyone is a criminal[1]", usually cover the rest.
E.g. on this "legalized" end of the spectrum Netherlands, Italy, UK, Germany, Switzerland, France, all have _very_ active companies and strong talent pool for offsec skills and what is "legal malware" (Bundestrojaner varieties like Mini/Mega-Panzer, etc).
ETSI in France works hard so that the term "malware" doesn't even enter language (instead it's middleboxes like eTLS or standards covering the framework of Lawful Interception). The countries listed have strong relation between offsec vendors and consultants and the IC. E.g. Kudelski Security in Geneve prides itself on breaking phones, supplying tooling and a lab to Europol. HackingTeam, Gamma International, EncroChat, Sky ECC, Vupen, ... = all European.
The EU countries which have (some) talent but lack the jobs are often "painted as corrupt" backwaters where "everyone is a criminal[1]", usually cover the rest.
[1] e.g. see this PR/FUD video produced by the ghouls at Norton pretending to be journalists: https://www.youtube.com/watch?v=un_XI4MM6QI