Revised policy means security analysts won't be charged under the Computer Fraud and Abuse Act.
The US Department of Justice announced this week that it has revised a policy that explicitly states it will not charge security researchers with violations of the Computer Fraud and Abuse Act (CFAA).
The new guidance recognizes "good faith" security research done to promote safety and not carried out in a way that causes harm. The new policy, effective immediately, replaces the previous CFAA charging policy from 2014, the DOJ said.
"Computer security research is a key driver of improved cybersecurity," said Deputy Attorney General Lisa O. Monaco in a statement about the new DOJ policy. "The department has never been interested in prosecuting good-faith computer security research as a crime, and today’s announcement promotes cybersecurity by providing clarity for good-faith security researchers who root out vulnerabilities for the common good."
About the Author(s)
You May Also Like
Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024