Ask HN: How can lawmakers better protect reporters of security vulnerabilities?

2 points by Buttons840 ↗ HN
The US is again warning of potential cybersecurity attacks against the US. Hearing this, I can't help but roll my eyes and lament the way we treat those who report cybersecurity vulnerabilities.

Recently, the governor of Missouri made it a personal political goal to prosecute a "hacker" who did nothing more than view the source of a government web page. It's easy to find other cases where people are harassed, prosecuted, and sometimes jailed, after reporting a vulnerability.

I myself once discovered an apparent security vulnerability, but I just closed my browser and walked away. I didn't want to deal with the potential harassment or worse. I think many are like me.

What changes can lawmakers make to improve this situation? How can we protect those who report security vulnerabilities?

2 comments

[ 1.8 ms ] story [ 11.2 ms ] thread
Report only to companies that accepts publicly vulnerability reports and keep all the records
This doesn't answer my question. How can we change the laws to improve the situation? From a national security perspective, hoping individuals do the right thing despite great personal risk won't work well.