Our modern lives increasingly rely on interconnected and complex technologies: in our homes, our critical infrastructure, our healthcare, everywhere. Enabling society to safely reap the benefits of this technology requires strong cybersecurity policies, practices, and awareness. To advance this cause, Rapid7 works with governments, companies, non-profits, and experts to shape policies, standards, and legislation that benefit consumers and defend responsible cybersecurity practitioners.
Rapid7’s public policy mission is part of our strong commitment to supporting the infosec community and advancing smart cybersecurity. Here are some examples of our cybersecurity policy work:
We believe security is the responsibility of all technology users, manufacturers, and intermediaries and that collaboration is the only way to achieve long-term change. That’s why we’re committed to openly sharing security information, helping our peers to learn, grow, and develop new capabilities, and supporting each other in raising and addressing issues that affect the cybersecurity community.
Independent security research is valuable for advancing cybersecurity, but the Computer Fraud and Abuse Act (CFAA) makes little distinction between beneficial research and malicious hacking. We support responsible CFAA reforms and clarifications to shield security researchers and internet users from overbroad liability.
The Digital Millennium Copyright Act (DMCA) currently hinders good faith security research by restricting the ability to analyze software for vulnerabilities. We support changes to extend protections to security researchers without diminishing copyright.
Rapid7 occasionally advises states on computer access laws to protect consumers and businesses while avoiding obstacles to research and innovation.
The Wassenaar Arrangement would create broad new export requirements on software. We believe it should be refined to avoid unnecessary burdens on legitimate cybersecurity products.
NIST, a technical standards-setting body in the U.S. Dept. of Commerce, developed a framework for cybersecurity practices that is in wide use in government, critical infrastructure, and other areas. Rapid7, in coordination with dozens of other security community members, is working to incorporate vulnerability disclosure and handling processes into the Framework.
NTIA, a branch of the U.S. Department of Commerce, is hosting a process for researchers and companies to develop principles for coordinated disclosure of security vulnerabilities. Rapid7 actively participates in this process to advance the adoption of productive vulnerability disclosure and handling practices by both technology providers and security researchers.
Cybersecurity will be critical to safety, privacy, and public trust as IoT devices are more widely deployed. In addition to leading research on IoT, Rapid7 engages policymakers in considering how to best secure it.