Critical Update: Why a Government Vulnerability Disclosure Program Is a Big Deal


With a solicitation closing Sept. 2 on a vulnerability disclosure platform and a finalized binding operational directive apparently in hand, the Cybersecurity and Infrastructure Security Agency is getting ready to open the civilian government’s front door to individuals who might identify weaknesses in its defenses.


The directive would instruct civilian agencies to publish vulnerability disclosure policies that encourage security research by committing not to pursue or recommend legal action against individuals who probe government systems, as long as those individuals honor certain stipulations.


Nextgov took a short trip back in time to better understand the motivations of the community that first pushed to access and explore computer technology, and its fear of prosecution, mainly under laws such as the Computer Fraud and Abuse Act, which has been criticized for its broad and harsh application.


In 1998, members of a group called “The L0pht,” which had demonstrated vulnerabilities in Microsoft’s encryption and passwords, tried to explain the basic impulse of the hacker archetype to Congress.


“For the past four years, the seven of us have been touted as just about everything from the hacker conglomerate, the hacker think tank, the hangout place for the top U.S. hackers, network security experts, and a consumer watch group,” one member, testifying under the handle “Mudge,” told the Senate Governmental Affairs Committee. “In reality, all we really are is just curious.”

