Should vulnerability research be illegal? What is appropriate? What about pen testing? Listen to this podcast I just published and share your thoughts... https://www.buzzsprout.com/1312267/5646316-vulnerability-research-or-computer-fraud-abuse-pen-testing-or-breaking-entering
But creating effective defenses against cyberthreats requires researchers to master hacking activities such as network reconnaissance and vulnerability exploitation. Such research-motivated activities are NOT inherently illegal or unethical. It is the misinterpretation of these activities and the lack of clear standards for such research that proves troublesome. The podcast spent considerable time discussing the concept of “breaking the terms of service” as associated with vulnerability research and suggests that this could prevent lawful vulnerability research. I disagree with the podcast's assertion that breaking the terms of service could be a reason to NOT pursue vulnerability research. A decision from the 9th Circuit Court of Appeals suggests breaking terms of service is not a crime that someone can be prosecuted for. Adhering to terms of service should not prohibit organizations from finding/closing vulnerabilities and in turn sharing that research.