A major bug bounty platform provider has urged the security community to contribute its views to a new UK government consultation on computer misuse laws, or risk its voice not being heard.
With just a fortnight left for submissions to the review of the Computer Misuse Act 1990, Bugcrowd is concerned that ethical hackers may be left out in the cold when an updated law is unveiled.
Although the Home Office has suggested that a statutory legal defense for benevolent hacking would “advance our whole of society approach to cybersecurity,” it is also aware of the potential for unintended consequences, the firm claimed.
Read more on ethical hacking: US Government Will Welcome Ethical Hackers.
“Poor legal protection for ethical hackers could have the chilling effect whereby those who could contribute to making the internet a safer place become afraid to do so,” argued Bugcrowd founder, Casey Ellis.
“In Bugcrowd’s view, the UK needs to think along the same lines as the US, which has clarified protection for legitimate security research activities via an important Supreme Court ruling and a clear DOJ commitment not to prosecute good-faith security researchers.”
Although two industry groups – the Cybersecurity Policy Working Group (CPWG) and the Hacker Policy Coalition – will reflect the above views in submissions to the review, more feedback may be needed from individuals and companies.
“Amid the rapid acceleration of technology and the massive, ongoing, worldwide shortage of skilled cybersecurity professionals, Bugcrowd wants organizations and law enforcement to remain able to benefit from ‘Neighbourhood Watch for the internet’ by encouraging anyone from the ethical hacking community to assist,” Ellis continued.
“Those ethical, well-meaning and responsible researchers should not be put in a position where they may be at risk of legal jeopardy.”
The consultation closes on April 6 2023, and submissions can be made here.
The news comes as the latest Pwn2Own contest wrapped up in Vancouver, with participants discovering 27 zero-day vulnerabilities over the three-day period in products as diverse as Adobe Reader, Microsoft SharePoint and software running on a Tesla Model 3.
These discoveries will help participating vendors make their products more secure, while earning the winning teams of ethical hackers over $1m in prizes including their own Tesla to drive away.