DOJ Says It Won't Punish 'Good Faith' Cyber Flaw Research

By Ben Kochman (May 19, 2022, 8:22 PM EDT) -- The U.S. Department of Justice on Thursday directed prosecutors to not charge researchers who report cybersecurity flaws in "good faith" with breaching the Computer Fraud and Abuse Act, a year after a key U.S. Supreme Court ruling curbed the statute's scope.

In a policy directive sent to government attorneys across the country, DOJ officials said that the department will not prosecute security researchers that access an organization's networks "solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability, where such activity is carried out in a manner designed to avoid any harm to individuals or the...

Stay ahead of the curve

In the legal profession, information is the key to success. You have to know what’s happening with clients, competitors, practice areas, and industries. Law360 provides the intelligence you need to remain an expert and beat the competition.


  • Access to case data within articles (numbers, filings, courts, nature of suit, and more.)
  • Access to attached documents such as briefs, petitions, complaints, decisions, motions, etc.
  • Create custom alerts for specific article and case topics and so much more!

TRY LAW360 FREE FOR SEVEN DAYS

Hello! I'm Law360's automated support bot.

How can I help you today?

For example, you can type:
  • I forgot my password
  • I took a free trial but didn't get a verification email
  • How do I sign up for a newsletter?
Ask a question!