Computer Access Laws
Laws restricting computer access and use should carefully balance the need to combat cybercrime with the value of supporting security research, innovation, and other legitimate activity.
DMCA
The Digital Millennium Copyright Act (DMCA) can hinder good faith security research by restricting the ability to analyze software for vulnerabilities. 我们支持在不减少版权的情况下扩大对安全研究人员的保护.
- 11/14/21 - Rapid7 analysis on 2021 security researcher rules
- 07/16/21 - 就保安研究人员保护事宜致版权局的单方函件
- 06/23/21 - Rapid7 joins statement on DMCA lawsuits against security tools
- 07/13/18 - 对美国司法部关于DMCA安全研究人员豁免的信函的快速回应
- 12/18/17 - Joint comments to the Copyright Office in support of strengthening the DMCA security researcher exemption
- 06/28/17 - 版权局呼吁新的网络安全研究人员保护
- 10/27/16 - 就具体的DMCA改革向版权局提出联合意见,以保护安全研究人员
- 03/15/16 - Rapid7, Bugcrowd和HackerOne文件亲研究员评论DMCA Sec. 1201
- 10/28/15 - New DMCA Exemption is a Positive Step for Security Researchers
CFAA
独立的安全研究对推进网络安全具有重要意义, but the Computer Fraud and Abuse Act (CFAA) makes little distinction between beneficial research and malicious hacking. We support responsible CFAA reforms and clarifications to protectshield security researchers and internet users from overbroad liability.
- 06/04/21 - Proposed security researcher protection under CFAA
- 06/03/21 - Analysis of Supreme Court opinion narrowing CFAA
- 07/13/20 - Rapid7 joins CFAA brief to the Supreme Court
- 10/20/15 - Why I Don't Dislike the Whitehouse/Graham Amendment
- 01/26/15 - How Do We De-Criminalize Security Research?
- 01/23/15 - Will the President's Cybersecurity Proposal Make Us More Secure?
UK Computer Misuse Act
英国的《ladbrokes立博官网》(CMA)危害了防御性安全工具的共享, 不承认诚信安全研究的重要性, 并且未能定义访问系统的授权构成. Rapid7 supports sensible reforms that clarify these issues and advance cybersecurity without creating opportunities for abuses.
States
Rapid7 occasionally advises states on computer access laws to protect consumers and businesses while avoiding obstacles to research and innovation.
- 09/21/16 - Rapid7支持密歇根汽车黑客法中的研究人员保护
- 05/16/16 - Joint letter re Michigan vehicle hacking legislation
Hack Back
Authorizing private entities to take active measures in retaliation against hacking risks undermining cybersecurity and causing collateral damage.
- 06/17/21 - Rapid7 Position on Private Sector Hack Back
- 05/24/17 - Why Companies Shouldn’t Try to Hack Their Hackers
- 04/17/18 - Georgia Should Not Authorize "Hack Back"