What We Do
Ethical hacking, vulnerability disclosure, and penetration testing improve security for consumers, enterprises, and society. However, outdated laws create restrictions and liability for these practices, and emerging legal requirements on vulnerability management are not always clear or in the best interests of security. There continues to be a lack of awareness and effective adoption of best practice, and policymakers have not implemented practical solutions to protect and encourage vulnerability disclosure and management.
Key goals of the Hacking Policy Council
- Create a more favorable legal environment for vulnerability disclosure and management, bug bounties, independent repair for security, good faith security research, and pentesting;
- Grow collaboration between the security, business, and policymaking communities;
- Prevent new legal restrictions on security research, pentesting, or vulnerability disclosure and management; and
- Strengthen organizations’ resilience through effective adoption of vulnerability disclosure policies and security researcher engagement.
- Hacking Policy Council launch press release
- Recommendations for vulnerability disclosure requirements under Cyber Resilience Act – Mar. 31, 2023
- Joint comments to NIST on vulnerability disclosure and Cybersecurity Framework v2.0 concept paper – Mar. 17, 2023
Who We Are
The Hacking Policy Council is a group of experts dedicated to creating a more favorable legal, policy, and business environment for good faith security research, penetration testing, independent repair for security, and vulnerability disclosure and management.
Center for Cybersecurity Policy & Law
To report a vulnerability in this website, please email Security@hackingpolicycouncil.org.