Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Rapid7 Blog

Legal  

Security vs. Security - Rapid7 supports strong encryption

A major area of focus in the current cybersecurity policy discussion is how growing adoption of encryption impacts law enforcement and national security, and whether new policies should be developed in response. This post briefly evaluates several potential outcomes of the debate, and provides Rapid7's…

Wassenaar Arrangement - Recommendations for cybersecurity export controls

The U.S. Departments of Commerce and State will renegotiate an international agreement – called the Wassenaar Arrangement – that would place broad new export controls on cybersecurity-related software. An immediate question is how the Arrangement should be revised. Rapid7 drafted some initial revisions to the Arrangement…

Rapid7, Bugcrowd, and HackerOne file pro-researcher comments on DMCA Sec. 1201

On Mar. 3rd, Rapid7, Bugcrowd, and HackerOne submitted joint comments to the Copyright Office urging them to provide additional protections for security researchers. The Copyright Office requested public input as part of a study on Section 1201 of the Digital Millennium Copyright Act (DMCA). Our…

I've joined Rapid7!

Hello! My name is Harley Geiger and I joined Rapid7 as director of public policy, based out of our Washington, DC-area office. I actually joined a little more than a month ago, but there's been a lot going on! I'm excited to be a part…

12 Days of HaXmas: Political Pwnage in 2015

This post is the ninth in the series, "The 12 Days of HaXmas."2015 was a big year for cybersecurity policy and legislation; thanks to the Sony breach at the end of 2014 year, we kicked the new year off with a renewed focus on…

New DMCA Exemption is a Positive Step for Security Researchers

Today the Library of Congress officially publishes its rule-making for the latest round of exemption requests for the Digital Millennium Copyright Act (DMCA).  The advance notice of its findings revealed some good news for security researchers as the rule-making includes a new exemption to…

Why I Don't Dislike the Whitehouse/Graham Amendment 2713

[NOTE: No post about legislation is complete without a lot of acronyms representing lengthy and forgettable names of bills. There are three main ones that I talk about in this post:CISA – the Cyber Information Sharing Act of 2015 – Senate bill that will…

Rapid7's Comments on the Wassenaar Arrangement Proposed Rule for Controlling Exports of Intrusion Software

For the past two months, the Department of Commerce's Bureau of Industry and Security (BIS) has been running a public consultation to solicit feedback on its proposal for implementing export controls for intrusion software under the Wassenaar Arrangement. You can read about the proposal and…

Wassenaar Arrangement - Frequently Asked Questions

The purpose of this post is to help answer questions about the Wassenaar Arrangement.  You can find the US proposal for implementing the Arrangement here, and an accompanying FAQ from the Bureau of Industry and Security (BIS) here. For Rapid7's take on Wassenaar, and…

Response to the US Proposal for Implementing the Wassenaar Arrangement Export Controls for Intrusion Software

On May 20th 2015, the Bureau of Industry and Security (BIS) published its proposal for implementing new export controls under the Wassenaar Arrangement. These controls would apply to: systems, equipment or components specially designed for the generation, operation or delivery of, or communication with, intrusion…

Will the Data Security and Breach Notification Act Protect Consumers?

Last week, the House Energy and Commerce Committee published a discussion draft of a proposed breach notification bill – the Data Security and Breach Notification Act of 2015. I'm a big fan of the principles at play here: as a consumer, I expect that if a…

How Do We De-Criminalize Security Research? AKA What's Next for the CFAA?

Anyone who read my breakdown on the President's proposal for cybersecurity legislation will know that I'm very concerned that both the current version of the Computer Fraud and Abuse Act (CFAA), and the update recently proposed by the Administration, have and will have a strong…

Will the President's Cybersecurity Proposal Make Us More Secure?

Last week, President Obama proposed a number of bills to protect consumers and the economy from the growing threat of cybercrime and cyberattacks. Unfortunately in their current form, it's not clear that they will make us more secure. In fact, they may have the potential…

Petition for Reform of the DMCA and CFAA - Why I Care, and Why I Think You Should Too.

Here's the TL;DR:Software now runs everything and all software has flaws, which means that we, as consumers, are at risk. This includes YOU, and can impact your safety or quality of life. Sign this petition to protect your right to information on how…

Supporting the Security Community - Why I Joined Rapid7

Hey SecurityStreet!I wanted to say hello, as I am new to the Rapid7 team - and excited to be working with you. Three ThingsWho is this 'Trey guy'Why Rapid7?What are you doing? (… which is all I want to talk about!) …