Hacking Policy Council advocates for adjusting CISA incident reporting rule to allow for security research

The Cybersecurity and Infrastructure Security Agency should expand protections for security research under its upcoming incident reporting regime to exempt a wider range of good faith activity from triggering reporting requirements, according to the Hacking Policy Council.

“HPC urges CISA to clarify that security research performed in good faith is excluded from CIRCIA’s definition of ‘covered cyber incident,’ including where such activity is unsolicited, independent, or out of scope of authorized research and vulnerability disclosure programs,” the council says in...