Bugcrowd urges ethical hackers and CISOs to respond as UK government’s Computer Misuse Act consultation deadline approaches

Pioneering crowdsourced cybersecurity platform provider believes more publicity is needed for consultation to engage the full spectrum of opinion

London, UK – March 28, 2023 – Insectoperator of the world’s leading crowdsourced cybersecurity platform, today invited independent cybersecurity researchers, crowdsourced cybersecurity customers and cybersecurity advocates in general to contribute their views to the UK Government consultation on the Computer Misuse Act of the 1990s. There are less than two weeks left until the submission deadline, but it is unclear whether enough stakeholders have contributed to ensuring that the UK government can conduct a fully informed review.

Insect mob logo

Among a number of issues, consultation participants are invited to comment on the potential for a legal legal defense for hacking, if such activities had good faith/benevolence grounds. This move would mirror US reforms to charging rules under its Computer Fraud and Abuse Act. The Home Office has already indicated that such a legal defense could « advance our entire society’s approach to cyber security but is also wary of the potential for unintended consequences.

Bugcrowd founder Casey Ellis is spearheading Bugcrowd’s response to the UK government consultation. He said: “Poor legal protection for ethical hackers could have the chilling effect that those who could help make the Internet a safer place are afraid to do so. According to Bugcrowd, the United Kingdom must think in the same line as the United States, which has clarified the protection of legitimate security research activities through a major Judgment of the Supreme Court and a clear DOJ Commitment do not prosecute security researchers in good faith.

“To be even clearer: people make software, people make mistakes, and mistakes create vulnerabilities. Amid the rapid acceleration of technology and the ongoing massive worldwide shortage of skilled cybersecurity professionals, Bugcrowd wants organizations and law enforcement agencies to continue to benefit from « Neighborhood watch for the Internet » by decriminalizing and encouraging anyone from the security community ‘ethical hacking to assist. Those ethical, well-intentioned and responsible researchers should not be put in a position where they could be at risk of legal jeopardy,” she added.

In May 2021, the Home Secretary announced a review of the Computer Misuse Act (CMA). The first step of the review was a public call for information to gather the views of stakeholders and the general public, to identify and understand whether there are harm-causing activities in the area covered by the CMA that are not adequately addressed by the crimes current. The consultation closes on 6 April 2023 and submissions can be made via email or in writing to the addresses on the Government consultation webpage.

Bugcrowd is contributing to the consultation as part of two industry groups, the Cybersecurity Policy Working Group (CPWG) and the Hacker Policy Coalition. Both of these organizations will submit comments to the consultation reflecting the views of their respective members.

« However, it’s still important that as many people and organizations as possible have their say on this, » said Ellis of Bugcrowd. “The UK needs a revised law that not only better defines the difference between the activities of malicious attackers who have no intention of obeying the law in the first place, and those who hack in good faith, discovering and revealing vulnerabilities so that can be addressed before they are exploited.”


« Bugcrowd » is a trademark of Bugcrowd Inc. and its subsidiaries. All other trademarks, trade names, service marks and logos referenced herein belong to their respective companies.

About Bugcrowd
Bugcrowd is the industry’s leading provider of crowdsourced cybersecurity solutions purpose-built to protect the digitally connected world. Today’s business requires an offensive approach to cybersecurity, and Bugcrowd offers the only solution that orchestrates data, technology, and human intelligence to expose blind spots. Bugcrowd Security Knowledge Platform™ enables companies to proactively protect their organization, reputation and customers with products like Bug Bounty, Penetration Testing-as-a-Service and more. Trusted by organizations around the world, Bugcrowd discovers and fixes vulnerabilities before they go out of business by leveraging the expert ingenuity and knowledge of world-class security researchers. Headquartered in San Francisco, Bugcrowd is supported by Blackbird Ventures, Costanoa Ventures, Industry Ventures, Paladin Capital Group, Rally Ventures, Salesforce Ventures and Triangle Peak Partners. Learn more about www.bugcrowd.com.

Contact with the media
Rose Ross, Omarketing Ltd, rose@omarketing.com

# # #