What We Do

Ethical hacking, vulnerability disclosure, AI red teaming, and penetration testing improve security for consumers, enterprises, and society. However, outdated laws create restrictions and liability for these practices, and emerging legal requirements on vulnerability management are not always clear or in the best interests of security. There continues to be a lack of awareness and effective adoption of best practice, and policymakers have not implemented practical solutions to protect and encourage vulnerability disclosure and management. 

Key goals of the Hacking Policy Council

  • Create a more favorable legal environment for vulnerability management and disclosure, bug bounties, AI red teaming, good faith security research, and pentesting; 
  • Grow collaboration between the security, business, and policymaking communities;
  • Prevent new legal restrictions on security research, pentesting, AI red teaming, or vulnerability disclosure and management; and
  • Strengthen organizations’ resilience through effective adoption of vulnerability disclosure policies and security researcher engagement.

Our Work

Who We Are

The Hacking Policy Council is a group of experts dedicated to creating a more favorable legal, policy, and business environment for good faith security research, penetration testing, independent repair for security, and vulnerability disclosure and management. 

Membership

Placeholder Image

Ilona Cohen

Advisory Committee

HackerOne

Placeholder Image

Casey Ellis

Advisory Committee

Bugcrowd

Placeholder Image

Brian Gorenc

Advisory Committee

Trend Micro

Placeholder Image

Katie Noble

Advisory Committee

Intel

Placeholder Image

Charley Snyder

Advisory Committee

Google

Placeholder Image

Rob Spiger

Advisory Committee

Microsoft

Placeholder Image

Marilyn Vandermarliere

Advisory Committee

Intigriti

Placeholder Image

Harley Geiger

Coordinator

Center for Cybersecurity Policy & Law

To report a vulnerability in this website, please email [email protected].