Don’t penalise cybersecurity researchers!

We wrote to the Indian Computer Emergency Response Team regarding a provision in their new Responsible Vulnerability Disclosure and Coordination Policy that penalises cybersecurity researchers for vulnerability disclosures. In our representation, we highlighted how such provisions would create an atmosphere in which researchers would be reluctant about reporting vulnerabilities and recommended that a robust disclosure mechanism be implemented that protects researchers from harm.


This is a companion discussion topic for the original entry at https://internetfreedom.in/dont-penalise-cybersecurity-researchers/