- The 25+ best Black Friday Nintendo Switch deals 2024
- Why there could be a new AI chatbot champ by the time you read this
- The 70+ best Black Friday TV deals 2024: Save up to $2,000
- This AI image generator that went viral for its realistic images gets a major upgrade
- One of the best cheap Android phones I've tested is not a Motorola or Samsung
Call for Submissions to UK’s New Computer Misuse Act
A major bug bounty platform provider has urged the security community to contribute its views to a new UK government consultation on computer misuse laws, or risk its voice not being heard.
With just a fortnight left for submissions to the review of the Computer Misuse Act 1990, Bugcrowd is concerned that ethical hackers may be left out in the cold when an updated law is unveiled.
Although the Home Office has suggested that a statutory legal defense for benevolent hacking would “advance our whole of society approach to cybersecurity,” it is also aware of the potential for unintended consequences, the firm claimed.
Read more on ethical hacking: US Government Will Welcome Ethical Hackers.
“Poor legal protection for ethical hackers could have the chilling effect whereby those who could contribute to making the internet a safer place become afraid to do so,” argued Bugcrowd founder, Casey Ellis.
“In Bugcrowd’s view, the UK needs to think along the same lines as the US, which has clarified protection for legitimate security research activities via an important Supreme Court ruling and a clear DOJ commitment not to prosecute good-faith security researchers.”
Although two industry groups – the Cybersecurity Policy Working Group (CPWG) and the Hacker Policy Coalition – will reflect the above views in submissions to the review, more feedback may be needed from individuals and companies.
“Amid the rapid acceleration of technology and the massive, ongoing, worldwide shortage of skilled cybersecurity professionals, Bugcrowd wants organizations and law enforcement to remain able to benefit from ‘Neighbourhood Watch for the internet’ by encouraging anyone from the ethical hacking community to assist,” Ellis continued.
“Those ethical, well-meaning and responsible researchers should not be put in a position where they may be at risk of legal jeopardy.”
The consultation closes on April 6 2023, and submissions can be made here.
The news comes as the latest Pwn2Own contest wrapped up in Vancouver, with participants discovering 27 zero-day vulnerabilities over the three-day period in products as diverse as Adobe Reader, Microsoft SharePoint and software running on a Tesla Model 3.
These discoveries will help participating vendors make their products more secure, while earning the winning teams of ethical hackers over $1m in prizes including their own Tesla to drive away.
