TechRadar
Ellen Jennings-Trace

Researchers who uncover security flaws set to get extra protection in Germany with new law

  • German law may soon be modernized to protect ethical hackers
  • Stricter punishments for data spying also included
  • Move follows recent high-profile attacks on European governments

Lawmakers in Germany are drafting legislation to provide legal protections for cybersecurity researchers who uncover and responsibly report security vulnerabilities to vendors.

The proposed legislation will look to modernize Germany’s digital law, ensuring ethical security researchers can be confident in their legal cover, whilst destructive cybercriminals can expect more severe punishments, with stricter penalties for serious cases of data espionage and interception.

“Anyone who wants to close IT security gaps deserves recognition – not a letter from the public prosecutor,” said Dr Marco Buschmann, the Federal Minister of Justice.

Ethical hacker protections

Protections for researchers will be provided under a strict set of criteria. Research must be carried out with the aim of identifying a security risk or vulnerability in order to be protected. The researcher must also intend to report the identified vulnerability to a ‘responsible entity capable of addressing the issue’, such as the software manufacturer or system operator.

Finally, the actions taken to access the system must be necessary to identify the vulnerability, which prohibits excessive access outside of security research.

The new punishments will impose stricter penalties, especially on those who target critical infrastructure, such as transport networks or hospitals. This type of attack could soon lead to a prison sentence ranging from three months to five years.

European critical infrastructure has seen a significant rise in cyberattacks in recent years, especially since the Russian invasion of Ukraine. Cybersecurity researchers can be crucial in protecting these institutions by discovering and reporting flaws before malicious actors do.

Until now, ethical hackers and researchers have often fallen into a legal grey area, where even well-intentioned disclosure could result in criminal prosecution. The move to protect researchers will reduce uncertainty and therefore help improve cybersecurity across the board.

Via BleepingComputer
