DOJ Says It Won't Punish 'Good Faith' Cyber Flaw Research

By Ben Kochman (May 19, 2022, 8:22 PM EDT) — The U.S. Department of Justice on Thursday directed prosecutors to not charge researchers who report cybersecurity flaws in “good faith” with breaching the Computer Fraud and Abuse Act, a year after a key U.S. Supreme Court ruling curbed the statute’s scope.

In a policy directive sent to government attorneys across the country, DOJ officials said that the department will not prosecute security researchers that access an organization’s networks “solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability, where such activity is carried out in a manner designed to avoid any harm to individuals or the…

Read more

Explore the site

More from the blog

Latest News