Good suggestion. My initial thought on that was to not have it unless it became necessary. My big concerns are profanity, porn and unethical hacking. So far so good. The registration agreement states it, and we have had only minor infractions. The only one I can think of is:http://www.ethicalhacker.net/component/option,com_smf/Itemid,49/topic,27.0/
...and we never heard from him again. I chose not to ban him because maybe he was just woefully misinformed. But the situation took care of itself.
I want to try to stay as open as possible. As for your direct questions, I have no problem discussing exploits in the Malware Board. And for links to tools, I do it all the time and so do several members. I'm not one to think that my site is the only resource (although I'm trying with all of your help to make it the best). There are plenty of great sites and content out there. The goal is education. So post away...
As a final note, it has been determined legally that the content of posts by members is their own responsibility. So self-moderation is always a good thing. An example would be discussing actual test questions. I'm not opposed to it per se as long as it remains educational and MOST IMPORTANTLY that it does not break an individual's agreement with a certification organization. Amongst others, I am a CISSP, so I personally will not be posting exact questions that were on the CISSP exam. Once again, self-moderation.
This is vague, I know. But as mentioned, if we need to start setting rules because things are getting out of hand, so be it. As always, I'm open to opinions.