Google and various IS companies join forces to establish a legal defense fund and form the Hacking Policy Council, supporting ethical hackers and pushing for reasonable vulnerability disclosure policies.
In a landmark move for the cybersecurity industry, Google and several Information Security (IS) companies have come together to establish a legal defense fund and advocacy group aimed at supporting ethical hackers and promoting fair vulnerability disclosure rules. This initiative is designed to encourage ethical hackers to discover and report vulnerabilities while protecting them from legal challenges.
Google & IS firms establishing legal defense fund
The Cybersecurity Research Legal Defense Fund, managed by the nonprofit Cybersecurity Policy and Law Center, will provide legal advice to cybersecurity researchers and pentesters who face unfair prosecution for uncovering vulnerabilities or hacks. With seed funding from Google, this fund aims to level the playing field between ethical hackers and malicious actors.
At present, ethical hackers often face numerous barriers, fears, and deterrents, while unscrupulous specialists enjoy greater freedom. Eric Goldstein, executive assistant director of cybersecurity at CISA, emphasized the need to change this dynamic to ensure vulnerabilities are found and addressed before causing harm.
Lobbying for data protection and Internet security
The Hacking Policy Council, a coalition of Google and various IS companies, will lobby for reasonable vulnerability disclosure policies and support best practices for vulnerability management. Founding members include HackerOne, Bugcrowd, Intel, Intigriti, and Luta Security. This group’s mission is to advocate for policies that promote vulnerability detection and disclosure while protecting hackers working to improve security.
Dave Gerry, Bugcrowd CEO, underlined the importance of better vulnerability reporting methods, stating that they would ultimately protect consumers, businesses, and society by increasing the chances of flaws being fixed before attackers exploit them. With these initiatives in place, the cybersecurity landscape is expected to experience significant improvements in ethical hacking and vulnerability management.