Researchers who uncover security flaws set to get extra protection in Germany with new law

Germany is moving to protect ethical hackers


Lawmakers in Germany are drafting legislation to provide legal protections for cybersecurity researchers who uncover and responsibly report security vulnerabilities to vendors.

The proposed legislation will look to modernize Germany’s digital law, ensuring ethical security researchers can be confident in their legal cover, whilst destructive cybercriminals can expect more severe punishments, with stricter penalties for serious cases of data espionage and interception.

“Anyone who wants to close IT security gaps deserves recognition – not a letter from the public prosecutor,” said Dr Marco Buschmann, the Federal Minister of Justice.

Ethical hacker protections


Protections for researchers will be provided under a strict set of criteria. Research must be carried out with the aim of identifying a security risk or vulnerability in order to be protected. The researcher must also intend to report the identified vulnerability to a ‘responsible entity capable of addressing the issue’, such as the software manufacturer or system operator.

Finally, the actions taken to access the system must be necessary to identify the vulnerability, which prohibits excessive access outside of security research.

The new punishments will impose stricter penalties, especially on those who target critical infrastructure, such as transport networks or hospitals. This type of attack could soon lead to a prison sentence ranging from three months to five years.

European critical infrastructure has seen a significant rise in cyberattacks in recent years, especially since the Russian invasion of Ukraine. The discovery of security vulnerabilities by cybersecurity researchers can be crucial in protecting these institutions from cyberattacks by discovering and reporting flaws before malicious actors.


Until now, ethical hackers and researchers have often fallen into a legal grey area, where even well-intentioned disclosure could result in criminal prosecution. The move to protect researchers will reduce uncertainty and therefore help improve cybersecurity across the board.

Via BleepingComputer


Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.
