A senior Department of Justice official said a framework to clarify how private companies can conduct information security research without running afoul of the Computer Fraud and Abuse Act is gaining traction, but that the government is content for now to keep the guidance broad and allow “natural momentum” from the private sector to determine specific policies.
Speaking Oct. 18 at a CyberScoop conference in Washington, D.C., Leonard Bailey, DOJ’s senior counsel for the National Security, Computer Crime and Intellectual Property Section, provided an update on the vulnerabilities disclosure program for online systems that was unveiled in July 2017.
