[Krebs on Security] What Counts as "Good Faith Security Research?"

Krebs on Security has posted a new item. The U.S. Department of Justice (DOJ) recently revised its policy on charging violations of the Computer Fraud and Abuse Act (CFAA), a 1986 law that remains the primary statute by which federal prosecutors pursue cybercrime cases. The new guidelines state that prosecutors should avoid charging security researchers who operate in “good faith” when finding and reporting vulnerabilities. But legal experts continue to advise researchers to proceed with caution, noting the new guidelines can’t be used as a defense in court, nor are they any kind of shield against civil prosecution. Please use the link above to continue reading this posting. * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * Over half of organizations have experienced a data breach caused by third parties that led to the misuse of sensitive or confidential information. An even larger number attribute the cause of the data breach to granting too much access to third parties. Download this report to discover how you can stop data breaches and secure your remote access before your third parties are compromised. - Statistics and findings of individuals involved in their organization’s approach to third-party risks and management - An in-depth look at each stage of the third-party lifecycle, including the greatest point of risk - How to secure the greatest point of risk in the third-party lifecycle and best practices for securing third-party remote access Download the report now! * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * You received this e-mail because you asked to be notified when new updates are posted. Best regards, BrianKrebs P.S. You may manage your subscription here: