Germany drafts law to protect researchers who find security flaws

pMicrosoft rereleases Exchange updates after fixing mail deliveryppSpyLoan Android malware on Google play installed 8 million timesppNew Windows Server 2012 zeroday gets free unofficial patchesppTor needs 200 new WebTunnel bridges to fight censorshipppMozilla really wants you to easily set Firefox as default Windows browserppIts only 50 to train for these CompTIA exams in this course dealppGoogle Chromes AI feature lets you quickly check website trustworthinessppNovel phising campaign uses corrupted Word documents to evade securityppHow to access the Dark Web using the Tor BrowserppHow to enable Kernelmode Hardwareenforced Stack Protection in Windows 11ppHow to use the Windows Registry EditorppHow to backup and restore the Windows RegistryppHow to start Windows in Safe ModeppHow to remove a Trojan Virus Worm or other MalwareppHow to show hidden files in Windows 7ppHow to see hidden files in WindowsppRemove the Theonlinesearchcom Search RedirectppRemove the Smartwebfindercom Search RedirectppHow to remove the PBlock adware browser extensionppRemove the Toksearchesxyz Search RedirectppRemove Security Tool and SecurityTool Uninstall GuideppHow to Remove WinFixer Virtumonde Msevents TrojanvundoppHow to remove Antivirus 2009 Uninstall InstructionsppHow to remove Google Redirects or the TDSS TDL3 or Alureon rootkit using TDSSKillerppLocky Ransomware Information Help Guide and FAQppCryptoLocker Ransomware Information Guide and FAQppCryptorBit and HowDecrypt Information Guide and FAQppCryptoDefense and HowDecrypt Ransomware Information Guide and FAQppQualys BrowserCheckppSTOPDecrypterppAuroraDecrypterppFilesLockerDecrypterppAdwCleanerppComboFixppRKillppJunkware Removal ToolppeLearningppIT Certification CoursesppGear GadgetsppSecurityppBest VPNsppHow to change IP addressppAccess the dark web safelyppBest VPN for YouTubeppppThe Federal Ministry of Justice in Germany has drafted a law to provide legal protection to security researchers who discover and responsibly report security vulnerabilities to vendorsppWhen security research is conducted within the specified boundaries those responsible will be excluded from criminal liability and the risk of prosecutionppThose who want to close IT security gaps deserve recognitionnot a letter from the prosecutor stated Federal Minister of Justice Dr Marco BuschmannppWith this draft law we will eliminate the risk of criminal liability for people who take on this important task mentions the Minister in the same statementppAdditionally the proposed amendment to the criminal law introduces stricter penalties for serious cases of data spying and interception particularly when critical infrastructure is targetedppThe new draft law amends Section 202a of the Criminal Code StGB to protect IT security researchers companies and socalled hackers from punishment under computer criminal lawppThis applies when their actions are carried out to detect and close a security vulnerability as long as they are not considered unauthorizedppThe criteria to meet for security research are the followingppThe same exclusion from criminal liability is also applied to offenses pertaining to data interception 202b StGB and data modification 303a StGB as long as the related actions are deemed authorizedppAt the same time the draft fill introduces a penalty ranging from three months to five years of imprisonment for severe cases of malicious data spying and data interception 202a StGBppIn terms of what constitutes a severe case the draft bill mentions the following casesppMore details about the draft law and proposed amendments are available hereppFederal states and concerned associations have received it for review and are given until December 13 2024 to submit their feedback before it is presented to the Bundestag for parliamentary deliberationppThe US Department of Justice announced a similar revision to the Computer Fraud and Abuse Act CFAA in May 2022 introducing prosecution exclusions for goodfaith security researchersppDOJ Man hacked networks to pitch cybersecurity servicesppBitfinex hacker gets 5 years in prison for 120000 bitcoin heistppDDoS site Dstatcc seized and two suspects arrested in GermanyppCISA proposes new security requirements to protect govt personal datappGitLab warns of critical arbitrary branch pipeline execution flawppsounds like improvement hope they review prior cases One gap still unauthorized so if you find an exposed whatever and touch it youre still a criminal Hope they tune that a bit till then those that dont unauthorize pen testing will be less secure and everyone they are attached to little steps in the right directionppNot a member yet Register NowppNew Windows Server 2012 zeroday gets free unofficial patchesppNew Rockstar 2FA phishing service targets Microsoft 365 accountsppSpyLoan Android malware on Google play installed 8 million timesppThe Actual Cost of Forgotten PasswordsppSolving the painful password problem with better policiesppCynet delivers 426 ROI in Forrester Total Economic Impact StudyppWhy Cybersecurity Leaders Trust the MITRE ATTCK EvaluationsppHow to leverage 200 million FCC program boosting K12 cybersecurityppTerms of Use Privacy Policy Ethics Statement Affiliate DisclosureppCopyright 2003 2024 Bleeping Computer LLC All Rights ReservedppNot a member yet Register NowppRead our posting guidelinese to learn what content is prohibitedp