BEST OF THE WEB

Google-backed initiatives aim to protect security researchers from legal threats

A group of tech companies, security vendors, and non-profits have launched two new initiatives aimed at defending security researchers against potential legal battles over the vulnerabilities they uncover.

The Hacking Policy Council, formed by Google, Intel, Luta Security, HackerOne, BugCrowd, and Intigriti, will advocate worldwide for laws and regulations that promote best practices for vulnerability disclosure. The council aims to bridge gaps in the industry’s support for security researchers.

Google has also provided an unspecified amount of seed funding to launch the Security Research Legal Defense Fund. The fund will provide financial aid to researchers who face legal threats after reporting a flaw to a company. The fund has three independent board members and is seeking funding from other companies.

Security researchers probe for exploitable bugs in online services and report them to the companies behind the products with the hope of a fix. However, some companies downplay the impact of the bugs or even sue the researcher for violating anti-hacking laws or copyright infringement.

The new programs hope to create a “warming effect” between researchers and companies, said Katie Moussouris, founder, and CEO of Luta Security. The Security Research Legal Defense Fund will support researchers who demonstrate a financial need for legal aid and meet the fund’s definition of a good-faith security researcher.

Tim Willis, head of Google’s Project Zero initiative, said the new programs aim to ensure that companies do not just patch over the crack in the wall but rather work towards a solution.

The Hacking Policy Council has already met with EU officials to discuss changes to the proposed Cyber Resilience Act, while the legal defense fund focuses on raising awareness about the program and is now open to accepting new cases.

The sources for this piece include an article in Axios.

IT World Canada Staff
IT World Canada Staffhttp://www.itworldcanada.com/
The online resource for Canadian Information Technology professionals.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web