HackerOne

Washington, DC, December 27, 2024 – Following the adoption of the UN Convention Against Cybercrime, HackerOne, the cybersecurity company dedicated to eliminating vulnerabilities through continuous testing, today reiterated its concern about the treaty’s failure to protect those involved in research to strengthen cybersecurity. The company called on UN member countries to establish and enhance legal protections for good-faith security researchers as they implement the treaty. 

“Good faith security research protects people. The worthy goal of this treaty to combat malicious cyber criminals will be undermined if countries fail to differentiate between ethical hacking and criminal behavior,” said Ilona Cohen, chief legal and policy officer at HackerOne. “We strongly urge member countries to protect beneficial security research in national laws or through policies and guidelines that companies and law enforcement can follow.”

Though this treaty will not directly alter existing computer crime laws, HackerOne and others have voiced concern that nations with less developed cybercrime laws may pass regulations that mirror the text of the UN’s Convention, and authoritarian governments may use the flawed text of the Convention to justify suppression and censorship of security researchers and others.

HackerOne encourages the United States to contribute its knowledge and experience in protecting security research and strongly encourages the adoption of similar practices in other countries. For example, the U.S. Agency for International Development and the State Department should incorporate policy best practices for protecting security researchers into their cybersecurity capacity building programs. Alternatively, they should make digital capacity building funds conditional on recipient governments not prosecuting good faith security researchers. The U.S. should also partner with nongovernmental capacity building organizations and like-minded governments to develop and disseminate best practices for implementing the treaty that recognize the importance and benefits of security research and differentiate ethical research from cybercrime.

About HackerOne 

HackerOne is the global leader in vulnerability elimination through continuous security testing. Its industry-leading HackerOne Platform combines AI with the expertise of the world’s largest community of security researchers to deliver ongoing vulnerability discovery and management across the software development lifecycle. The platform offers bug bounty, vulnerability disclosure, pentesting, code audits, challenges, and AI red teaming. Trusted by industry leaders like Coinbase, General Motors, GitHub, Goldman Sachs, PayPal, and the U.S. Department of Defense, HackerOne was named a Best Workplace for Innovators by Fast Company in 2023 and a Most Loved Workplace for Young Professionals in 2024.