Rapid7 Public Policy

Consumers, businesses, and governments increasingly rely on interconnected and complex technologies. Enabling society to safely reap the benefits of this progress requires strong cybersecurity policies, practices, and awareness. To advance this cause, Rapid7 works with governments, companies, non-profits, and experts to shape policies, standards, 以及有利于消费者和维护负责任的网络安全从业人员的立法.

Recent Highlights

Public Policy

Incident Reporting Regulations Summary and Chart

Read Full Post

Public Policy

Avoiding Smash and Grab Under the SEC’s Proposed Cyber Rule

New US Law to Require Cyber Incident Reports

Read Full Post

Our Policy Work

Computer Access Laws

Laws restricting computer access and use should carefully balance the need to combat cybercrime with the value of supporting security research, innovation, and other legitimate activity.

DMCA

The Digital Millennium Copyright Act (DMCA) can hinder good faith security research by restricting the ability to analyze software for vulnerabilities. 我们支持在不减少版权的情况下扩大对安全研究人员的保护.

11/14/21 - Rapid7 analysis on 2021 security researcher rules
07/16/21 - 就保安研究人员保护事宜致版权局的单方函件
06/23/21 - Rapid7 joins statement on DMCA lawsuits against security tools
07/13/18 - 对美国司法部关于DMCA安全研究人员豁免的信函的快速回应
12/18/17 - Joint comments to the Copyright Office in support of strengthening the DMCA security researcher exemption
06/28/17 - 版权局呼吁新的网络安全研究人员保护
10/27/16 - 就具体的DMCA改革向版权局提出联合意见，以保护安全研究人员
03/15/16 - Rapid7, Bugcrowd和HackerOne文件亲研究员评论DMCA Sec. 1201
10/28/15 - New DMCA Exemption is a Positive Step for Security Researchers

CFAA

独立的安全研究对推进网络安全具有重要意义, but the Computer Fraud and Abuse Act (CFAA) makes little distinction between beneficial research and malicious hacking. We support responsible CFAA reforms and clarifications to protectshield security researchers and internet users from overbroad liability.

06/04/21 - Proposed security researcher protection under CFAA
06/03/21 - Analysis of Supreme Court opinion narrowing CFAA
07/13/20 - Rapid7 joins CFAA brief to the Supreme Court
10/20/15 - Why I Don't Dislike the Whitehouse/Graham Amendment
01/26/15 - How Do We De-Criminalize Security Research?
01/23/15 - Will the President's Cybersecurity Proposal Make Us More Secure?

UK Computer Misuse Act

英国的《ladbrokes立博官网》(CMA)危害了防御性安全工具的共享, 不承认诚信安全研究的重要性, 并且未能定义访问系统的授权构成. Rapid7 supports sensible reforms that clarify these issues and advance cybersecurity without creating opportunities for abuses.

06/08/21 - Rapid7 Position on the Computer Misuse Act 1990
06/07/21 - Home Office Call for Information Computer Misuse Act 1990

States

Rapid7 occasionally advises states on computer access laws to protect consumers and businesses while avoiding obstacles to research and innovation.

09/21/16 - Rapid7支持密歇根汽车黑客法中的研究人员保护
05/16/16 - Joint letter re Michigan vehicle hacking legislation

Hack Back

Authorizing private entities to take active measures in retaliation against hacking risks undermining cybersecurity and causing collateral damage.

06/17/21 - Rapid7 Position on Private Sector Hack Back
05/24/17 - Why Companies Shouldn’t Try to Hack Their Hackers
04/17/18 - Georgia Should Not Authorize "Hack Back"

Meet the Team

Deral Heiland

Principal Security Consultant

Deral Heiland CISSP, serves as a Research Lead (IoT) for Rapid7. 他在信息技术领域拥有超过20年的经验, 曾担任多个职位，包括:高级网络分析师, Network Administrator, Database Manager, 财务系统经理和高级信息安全分析师. 在过去的10多年里，Deral的职业生涯一直专注于安全研究, security assessments, penetration testing, and consulting for corporations and government agencies. 联邦政府还对许多技术课题进行了安全研究, releasing white papers, security advisories, and has presented the information at numerous national and international security conferences including Blackhat, Defcon, Shmoocon, DerbyCon, RSAC, Hack In Paris. Deral has been interviewed by and quoted by several media outlets and publications including ABC World News Tonight, BBC, Consumer Reports, MIT Technical Review, SC Magazine, Threat Post and The Register.

Sabeen Malik

Vice President of Global Government Affairs and Public Policy

Sabeen Malik是Rapid7全球政府事务和公共政策副总裁. She has spent her education and career pursuits becoming a thought leader on digital economy and tech policy issues, law and economic development, innovation economies, and next-generation emerging technology and economic trends. Sabeen has worked in the private and public sector, including at Thumbtack, Google, and the United States Department of State where she served as a senior tech advisor to the Under Secretary of State for Economic Growth, Energy, and the Environment. 同时对商业和经济问题的全球技术趋势充满热情, she also is an expert on bridging differences with the public and private sector to create international partnerships that solve global problems. 萨宾在几个董事会任职，是杜鲁门国家安全研究员, Aspen Socrates Fellow, Atlantic Council Non Resident Fellow, and Stimson Loomis Council member. She has spoken at the World Bank, the UN, and the White House.

Tas Giakouminakis

Co-Founder & Chief Technology Officer

Tas Giakouminakis leads Rapid7’s Office of the CTO, focusing on security research, data science and public policy initiatives to better the security community through open and collaborative engagement. As Rapid7's co-founder and CTO, Tas之前领导了Rapid7屡获殊荣的解决方案的开发和集成, 推动技术方向，使客户通过质量, simplicity, and innovation. Prior to founding Rapid7, Tas helped form Percussion Software, where he led the development of Percussion's first product. 他还为花旗集团开发了安全和风险领域的软件. 他在美国信息系统技术咨询委员会(ISTAC)任职.S. Dept. 他在美国商务部就与信息安全产品相关的出口管制提供咨询.

Rapid7 Public Policy

Recent Highlights

Our Policy Work

Computer Access Laws

DMCA

CFAA

UK Computer Misuse Act

States

Hack Back

International Trade and Exports

International Trade

Wassenaar Arrangement

Vulnerability Disclosure and Incident Reporting

Cyber Incident Reporting

Vulnerability Handling and Disclosure

Securing Data and Systems

Critical Infrastructure

Ransomware

Personal Information Security

IoT and Smart Products

Digital Economy

Patents

Encryption

Net Neutrality

Meet the Team

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.