By Ben Kochman (May 19, 2022, 8:22 PM EDT) — The U.S. Department of Justice on Thursday directed prosecutors to not charge researchers who report cybersecurity flaws in “good faith” with breaching the Computer Fraud and Abuse Act, a year after a key U.S. Supreme Court ruling curbed the statute’s scope.
In a policy directive sent to government attorneys across the country, DOJ officials said that the department will not prosecute security researchers that access an organization’s networks “solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability, where such activity is carried out in a manner designed to avoid any harm to individuals or the…
Read more