Posts tagged Legal

4 min Public Policy

Expanded Protections for Security Researchers Under DMCA Sec. 1201

The Library of Congress announced that it would renew and expand legal protections for security testing under Section 1201 of the Digital Millennium Copyright Act (DMCA).

Read Full Post

5 min Public Policy

Prioritizing the Fundamentals of Coordinated Vulnerability Disclosure

In this post, we aim to distinguish between three broad flavors of CVD processes based on authorization, incentives, and resources required. We also urge wider adoption of foundational processes before moving to more advanced and resource-intensive processes.

Read Full Post

3 min Public Policy

Georgia should not authorize "hack back"

Update 05/09/18: Georgia Governor Deal vetoed SB 315. In a thoughtful veto statement, the Governor noted that the legislation raised "concerns regarding national security implications and other potential ramifications," and that "SB 315 may inadvertently hinder the ability of government and private industries" to protect against breaches. The statement expressed interest in working with the cybersecurity and law enforcement communities on a new policy. The Georgia state legislature recently pas

Read Full Post

2 min Public Policy

Welcome transparency on US government's process for disclosing vulnerabilities

The White House recently released details on the US government's process for disclosing - or retaining - zero-day vulnerabilities. The new VEP charter provides answers to several key questions, but it remains to be seen how it will operate in practice.

Read Full Post

5 min Public Policy

Copyright Office Calls For New Cybersecurity Researcher Protections

On Jun. 22, the US Copyright Office released [https://www.copyright.gov/policy/1201/section-1201-full-report.pdf] its long-awaited study on Sec. 1201 of the Digital Millennium Copyright Act (DMCA), and it has important implications for independent cybersecurity researchers. Mostly the news is very positive. Rapid7 advocated extensively for researcher protections to be built into this report, submitting two sets of detailed comments—see here [/2016/03/15/rapid7-bugcrowd-and-hackerone-file-pro-res

Read Full Post

2 min Public Policy

Legislation to Strengthen IoT Marketplace Transparency

Senator Ed Markey (D-MA) is poised to introduce legislation to develop a voluntary cybersecurity standards program for the Internet of Things (IoT). The legislation, called the Cyber Shield Act, would enable IoT products that comply with the standards to display a label indicating a strong level of security to consumers – like an Energy Star rating for IoT. Rapid7 supports this legislation and believes greater transparency in the marketplace will enhance cybersecurity and protect consumers. The

Read Full Post

4 min Public Policy

Rapid7 issues comments on NAFTA renegotiation

In April 2017, President Trump issued an executive order directing a review of all trade agreements. This process is now underway: The United States Trade Representative (USTR) – the nation's lead trade agreement negotiator – formally requested [https://www.regulations.gov/docket/USTR-2017-0006] public input on objectives for the renegotiation of the North American Free Trade Agreement (NAFTA). NAFTA is a trade agreement between the US, Canada, and Mexico, that covers a huge range of topics, fr

Read Full Post

4 min Public Policy

White House Cybersecurity Executive Order Summary

Yesterday President Trump issued an Executive Order on cybersecurity: “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” [https://www.federalregister.gov/documents/2017/05/16/2017-10004/strengthening-the-cybersecurity-of-federal-networks-and-critical-infrastructure] The Executive Order (EO) appears broadly positive and well thought out, though it is just the beginning of a long process and not a sea change in itself. The EO directs agencies to come up with plans

Read Full Post

4 min Research

NCSAM: The Danger of Criminalizing Curiosity

This is a guest post from Kurt Opsahl [https://twitter.com/kurtopsahl], Deputy Executive Director and General Counsel of the Electronic Frontier Foundation [https://twitter.com/EFF]. October is National Cyber Security Awareness month and Rapid7 is taking this time to celebrate security research. This year, NCSAM coincides with new legal protections for security research under the DMCA [/2016/10/03/cybersecurity-awareness-month-2016-this-ones-for-the-researchers] and the 30th anniversary of the

Read Full Post

2 min Public Policy

I've joined Rapid7!

Hello! My name is Harley Geiger and I joined Rapid7 as director of public policy, based out of our Washington, DC-area office. I actually joined a little more than a month ago, but there's been a lot going on! I'm excited to be a part of a team dedicated to making our interconnected world a safer place. Rapid7 has demonstrated a commitment to helping promote legal protections for the security research community. I am a lawyer, not a technologist, and part of the value I hope to add is as a repr

Read Full Post

1 min Legal

Rapid7's Comments on the Wassenaar Arrangement Proposed Rule

For the past two months, the Department of Commerce's Bureau of Industry and Security (BIS) has been running a public consultation to solicit feedback on its proposal for implementing export controls for intrusion software under the Wassenaar Arrangement. You can read about the proposal and Rapid7's initial thoughts here [/2015/06/13/response-to-the-us-proposal-for-implementing-the-wassenaar-arrangement-export-controls-for-intrusion-software] . The consultation window closed on Monday, July 20th

Read Full Post

8 min Metasploit

Wassenaar Arrangement - Frequently Asked Questions

The purpose of this post is to help answer questions about the Wassenaar Arrangement.  You can find the US proposal for implementing the Arrangement here [https://s3.amazonaws.com/public-inspection.federalregister.gov/2015-11642.pdf], and an accompanying FAQ from the Bureau of Industry and Security (BIS) here [http://www.bis.doc.gov/index.php/policy-guidance/faqs#subcat200]. For Rapid7's take on Wassenaar, and information on the comments we intend to submit to BIS, please read this companion pie

Read Full Post

3 min Public Policy

Petition for Reform of the DMCA and CFAA

Here's the TL;DR: Software now runs everything and all software has flaws, which means that we, as consumers, are at risk. This includes YOU, and can impact your safety or quality of life. Sign this petition to protect your right to information on how you are exposed to risk: https://petitions.whitehouse.gov/petition/unlock-public-access-research-software -safety-through-dmca-and-cfaa-reform/DHzwhzLD The petition Last weekend a petition [https://petitions.whitehouse.gov/petition/unlock-public

Read Full Post