The Center for Cybersecurity Policy and Law, an infosec think tank, has announced two new initiatives aimed at creating a more favorable legal, policy and business environment for good-faith security research and vulnerability disclosure.

The first initiative is the Hacking Policy Council, a new group that aims to improve security research and vulnerability disclosure policy. The second effort is the Security Research Legal Defense Fund, which seeks “to protect consumers and enterprises by advancing public policies and business practices to better detect and address security vulnerabilities”, according to the announcement.

Hacking Policy Council

The Hacking Policy Council will make technology safer and more transparent by facilitating best practices for vulnerability disclosure and management, as well as advocating for legal and policy reforms to empower good faith security research, penetration testing, and independent repair for security.

“Outdated laws create restrictions and liability for these practices, and emerging legal requirements on vulnerability disclosure and management are not always clear or in the best interests of security”, the Center explained in its statement.

“There continues to be a lack of awareness and effective adoption of best practices relating to these activities, and policymakers have not implemented practical solutions to protect and encourage vulnerability disclosure and management”.

The second group to be launched is the Security Research Legal Defense Fund. This will be established as a standalone 501(c)(3) nonprofit organization and will help fund legal representation for persons who face legal problems due to good-faith security research and vulnerability disclosure in cases that would advance cybersecurity for the public interest.

Harley Geiger, Coordinator of the two groups announced this week, explained the need for both. “Society depends on secure digital communications and devices, but cyberattacks and system failures increasingly endanger physical safety, consumer privacy, and the operation of services that are critical to the economy”, he said.

“The Hacking Policy Council and the Security Research Legal Defense Fund will work to create advantages for those helping companies and governments stay a few steps ahead of the criminals”, he added.