2 min
Public Policy
Congress unanimously passes federal IoT security law
Congress passed a law to secure federal procurement and use of IoT devices, and require contractors to adopt coordinated vulnerability disclosure processes.
3 min
Ransomware
Ransomware Payments and Sanctions - U.S. Treasury Advisory
The U.S. Department of Treasury issued an advisory warning that paying ransoms to cybercriminal groups risks violating sanctions. Rapid7 has previously recommended that victims not pay ransom, and urges organizations to focus on ransomware prevention and recovery.
5 min
Public Policy
A step closer to stronger federal IoT security
The US House passed the IoT Cybersecurity Improvement Act, which would require federal procurement and use of IoT devices to conform to basic security requirements.
2 min
Public Policy
Rapid7 joins CFAA brief to the Supreme Court
Should it be a federal hacking crime to disobey your workplace computer use policy, or a website's terms of service? A broad interpretation of the CFAA would have far-reaching legal implications for beneficial security research and even ordinary internet behavior.
2 min
COVID-19
Resources on the Main Street Lending Program to Support Small and Mid-Sized Businesses
The recent stimulus legislation - the “CARES Act” - allocated up to $600 billion for a new Main Street Lending Program to provide relief to small and mid-sized businesses impacted by the COVID-19 pandemic. Here are some resources on the program.
4 min
Public Policy
Cybersecurity Vulnerability Disclosure in Trade Agreements
Modern trade agreements should incorporate cybersecurity vulnerability disclosure. Here are Rapid7’s thoughts on how to do that and why.
5 min
Public Policy
Hackers On The Hill - Slides and recap on cybersecurity policy
Recap of a presentation on the state of public policy related to cybersecurity and hacking from Hackers On The Hill 2020.
4 min
Government
An update on trade
In light of recent activity on US trade agreements, here is a quick update on developments with regard to US-China, US-Mexico-Canada, and US-Japan. This summary focuses on technology and cybersecurity-related issues affecting private enterprises.
3 min
Public Policy
What Is Texas Senate Bill 820, and How Will It Affect Your School District?
In this post, we share how SB 820 will affect your school and district, and how you can respond by selecting a framework to improve your security program.
4 min
Public Policy
Expanded Protections for Security Researchers Under DMCA Sec. 1201
The Library of Congress announced that it would renew and expand legal protections for security testing under Section 1201 of the Digital Millennium Copyright Act (DMCA).
5 min
Public Policy
Prioritizing the Fundamentals of Coordinated Vulnerability Disclosure
In this post, we aim to distinguish between three broad flavors of CVD processes based on authorization, incentives, and resources required. We also urge wider adoption of foundational processes before moving to more advanced and resource-intensive processes.
3 min
Public Policy
Georgia should not authorize "hack back"
Update 05/09/18: Georgia Governor Deal vetoed SB 315. In a thoughtful veto statement, the Governor noted that the legislation raised "concerns regarding national security implications and other potential ramifications," and that "SB 315 may inadvertently hinder the ability of government and private industries" to protect against breaches. The statement expressed interest in working with the cybersecurity and law enforcement communities on a new policy.
The Georgia state legislature recently pas
3 min
Public Policy
NIST Cyber Framework Updated With Coordinated Vuln Disclosure Processes
A key guideline for cybersecurity risk management now includes coordinated vulnerability disclosure and handling processes. This revision will help boost adoption of processes for receiving and analyzing vulnerabilities disclosed from external sources, such as researchers.
2 min
Public Policy
FCC Repeals Net Neutrality: What Now?
[Update 05/16/18: The US Senate passed a resolution [https://www.markey.senate.gov/imo/media/doc/CRA%20Net%20Neutrality%20.pdf], led by Sen. Ed Markey, to reject the FCC rule that repealed net neutrality. Rapid7 supports the resolution and other efforts to effectively reinstate net neutrality safeguards.]
This week, Rapid7 hosted an event with Massachusetts’ Edward J. Markey and a number of Boston’s technology and business leaders to protest the likely repeal of net neutrality. Our CEO, Corey T
2 min
Public Policy
Welcome transparency on US government's process for disclosing vulnerabilities
The White House recently released details on the US government's process for disclosing - or retaining - zero-day vulnerabilities. The new VEP charter provides answers to several key questions, but it remains to be seen how it will operate in practice.