Cybercrime: Research

(asked on 18th March 2021) - View Source

Question to the Ministry of Justice:

To ask the Secretary of State for Justice, what criteria his Department uses to determine good faith security research, as outlined in his Department’s Vulnerability Disclosure Policy.


Answered by
Chris Philp Portrait
Chris Philp
Minister of State (Home Office)
This question was answered on 26th March 2021

The intention behind the reference to 'in good faith' is to support a mechanism for cooperation with security researchers with the aim to identify and quickly remediate reported vulnerabilities. As such research and vulnerability disclosure must be carried out "in an honest and sincere way" without affecting the safety, security and continuity of any data or service in accordance with the disclosure policy and consistent with the law. Each situation is different and thus must be judged on its own merits, but the MoJ would consider whether the individual's approach has been proportionate to the problem they are trying to uncover, has been limited to simply proving the existence of the problem, and has protected confidentiality of data within the systems concerned.

Reticulating Splines