Leading bug bounty platform providers are asking the security community to provide input into the new UK government consultation on computer misuse legislation.
With only two weeks left before the deadline for submissions for review of the Computer Misuse Act 1990, Bugcrowd fears ethical hackers will be left behind when the updated law is published. I am concerned.
The Home Office has suggested that statutory legal defenses against bona fide hacks would “advance the whole-of-society approach to cybersecurity,” but the company claims it also recognizes the potential for unintended consequences. doing.
Read more about ethical hacking: The US government welcomes ethical hackers.
Casey Ellis, founder of Bugcrowd, said, “Inadequate legal protections against ethical hackers have the chilling effect that those who can contribute to making the Internet a safer place become afraid to do so. can have an effect.
“In Bugcrowd’s view, the UK, through a key Supreme Court decision and the DOJ’s clear commitment not to prosecute bona fide security researchers, follows the same policy as the United States, which has made clear the protection of legitimate security research activity. We have to think along.”
Two industry groups, the Cybersecurity Policy Working Group (CPWG) and the Hacker Policy Coalition, reflect the above views in their submissions for review, but may require further feedback from individuals and companies. .
“With the rapid acceleration of technology and the massive and continuing shortage of skilled cybersecurity professionals around the world, Bugcrowd is committed to helping organizations and law enforcement to meet the needs of everyone in the ethical hacking community. We want to be able to benefit from ‘Internet Neighborhood Watch’ by encouraging others to support it,” Ellis continued.
“Ethical, well-intentioned and responsible researchers should not be placed in positions that could put them in legal jeopardy.”
The consultation will close on April 6, 2023 and submissions can be made here.
The news came as the latest Pwn2Own competition concluded in Vancouver. Over the course of three days, the participant found 27 zero-day vulnerabilities in a variety of products, including Adobe Reader, Microsoft SharePoint, and software running on the Tesla Model 3.
These discoveries will help participating vendors make their products more secure, and the winning team of ethical hackers can win over $1 million in prizes, including getting rid of their own Tesla.
