web analytics

German Law Could Protect Researchers Reporting Vulns – Source: www.darkreading.com

Rate this post

Source: www.darkreading.com – Author: Dark Reading Staff

A German flag blowing in the wind

Source: Simon Tilley via Alamy Stock Photo

Germany’s Federal Ministry of Justice has drafted legislation that would protect security researchers who discover and report security flaws to vendors.

The draft eliminates criminal liability for people who choose to warn businesses, and ultimately the public, of cyber vulnerabilities. The proposed law amends an existing law that protects IT security researchers, companies, and hackers from punishment.

Certain criteria must be met for the act to be considered security research. The action must aim to identify a vulnerability or security risk in an IT system, and the researcher who discovers the flaw must have the intent of reporting the vulnerability to those responsible for addressing the issue. They should also only be accessing a system to identify a vulnerability.

The draft proposes a penalty of three to five months in prison for severe cases of malicious data spying and data interception that include criminal acts, acts motivated by profit, or those that result in substantial financial damage.

“Those who want to close IT security gaps deserve recognition — not a letter from the prosecutor,” stated Marco Buschmann, the Federal Minister of Justice.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Original Post URL: https://www.darkreading.com/cybersecurity-operations/germany-law-protect-researchers-reporting-vulns

Category & Tags: –

Views: 0

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post