I'm interested in whether this is limited to ONLY proprietary research.
I could actually see an argument for banning export of such research. Do we really want companies finding flaws in widely-used software, keeping those flaws secret from the software vendors and the general public, but then selling details on those flaws to others who could potentially turn around and exploit them? In a sense, this does sound like a munition.
I don't see the same concern with public research. If you disclose a vulnerability publicly, then everybody can fix it, and that strengthens the ecosystem instead of weakening it.
If the ban were limited to proprietary research, I don't see it as a bad thing. Of course, it does nothing to keep companies from selling their findings to NSA contractors and such, but I don't expect the US to lift a finger to ban practices like these.