BSidesLA 2014 - Trial by Research: Security Research v. Law

Blog Post created by jhart Employee on Oct 1, 2014

Last month I had the pleasure of speaking at BSides Los Angeles.


My role at Rapid7, much like many others who dabble in security research, frequently puts me in a position where I need to be aware of and careful regarding U.S. law. The talk I gave, titled "Trial by Research: Security Research v. Law", describes how current U.S. laws like the CFAA, ECPA and DMCA, while enacted with the best of intentions, oftentimes end up stifling security research.  It goes even further to say that these same laws can have a negative affect on the larger security knowledge base, including things like vulnerability and breach disclosure.  The net result is perhaps not as positive as we'd like, and leaves everyone involved in a tough position -- vendors, consumers, researchers and legislators.  Finally, it goes on to suggest some ways to improve the situation.


Attached to this post is a copy of the slides for public consumption.