Russia Blocks Ethical Hacking Legislation Over Security Concerns

Russia's State Duma rejected legislation that would have legalized ethical hacking, citing national security concerns. Politicians worried that discovering vulnerabilities in software from hostile countries would require sharing those security flaws with foreign companies, potentially enabling strategic exploitation.

The bill also failed to explain how existing laws would accommodate white-hat hacking provisions. Russia's Ministry of Digital Development introduced the proposal in 2022, with a first draft in 2023. Individual security researchers currently face prosecution under Russian Criminal Code for unauthorized computer access, while established cybersecurity companies can conduct limited vulnerability research.

Solution

[registrations_suck]

Well, the Russians could just white hat hack computers not in Russia, and report findings to companies outside Russia.

I guess.

It's not clear what problem the legislation was even intended to solve.

Re:

[Uldis Segliņš]

The only problem - keeping power through more compliance and less curiosity. The herd should be calm, disinterested and in the fenced area.

Ethical Russians you say

[greytree]

Any remaining Ethical Russians should be doing all they can to bring down their murderous government.

Re:

[Anonymous Coward]

Sure, because helping Ukraine defend itself against invasion, or Israel defend itself against neighbours who are sworn to destroy it is bad, right?

Re:

[Errol backfiring]

Organizations like Kaspersky have proven to be very useful for the safety of the digital world, and they have held many awesome presentations at hacker conferences. Overthrowing their government might not be their strongest skill though.

Not surprising...

[jonwil]

Its not surprising Russia doesn't want white hat hackers given that the white hat hackers would be doing things that would make life harder for all the black-hat cyber criminals operating out of that country.