Legal Defense Fund Covers Crypto Research
The nonprofit Security Alliance is providing funds to protect security researchers who illegally access crypto assets with the aim of improving security.
Thieves have stolen cryptocurrency worth billions of dollars from cryptocurrency exchanges and wallets. As security researchers probe the defenses of cryptocurrency platforms, an industry group is partnering with the Security Research Legal Defense Fund to ensure that these researchers are protected from legal threats.
In February, platforms including the Ethereum and Filecoin foundations; crypto-focused venture funds, like Paradigm and a16z crypto; and others — which have been battered by successive years with multibillion-dollar heists — formed the nonprofit Security Alliance to address the specific security needs of their industry. The group has launched various initiatives to improve companies' resilience, such as the emergency response bot Seal 911, the Security Alliance Information Sharing and Analysis Center, and now the Whitehat Legal Defense Fund.
Researchers who follow the principles of the Whitehat Safe Harbor Agreement and face legal expenses incurred by their actions can apply to the Security Research Legal Defense Fund (SRLDF) for money earmarked by crypto donors. To be eligible, the researcher must show financial need, must have hacked in good faith for the purposes of vulnerability disclosure, and must have aimed to avoid harm to the public with the goal of improving the security of computers or software. The SRLDF board must approve any funding decisions.
While discerning the difference between good-faith and bad-faith efforts might, in theory, seem difficult, in practice bad-faith actors tend to make themselves clear. Earlier this week, for example, the Kraken crypto-trading platform alleged that a security researcher found a security flaw and filed for a bug bounty, but also refused to return funds stolen as part of testing the concept. That application for legal funding would probably not fare well.