On October 16, the Russian State Duma passed the first reading of a groundbreaking bill aimed at legalizing “white hackers.” This new legislation allows ethical hackers to study software programs for vulnerabilities without prior consent from the copyright holders. The initiative has sparked widespread interest as a potential game-changer in cybersecurity regulations.
Key Provisions of the Bill
The proposed bill, identified as № 509708-8, grants users the right to examine, research, and test the functionality of software programs and databases without needing permission from the copyright holders or paying them royalties. This initiative aims to enhance software safety by identifying and addressing potential flaws.
Conditions for Ethical Hacking
- The software must operate on the user’s own technical devices.
- Any discovered vulnerabilities cannot be shared with third parties, except with the copyright holder or an authorized party working with their consent.
- Ethical hackers must notify the copyright holders of any identified flaws within five working days. An exception applies if the hacker cannot locate the copyright holder’s contact details.
Motivation and Impact
This bill, introduced by a group of deputies led by Anton Nemkin, a member of the State Duma’s Committee on Information Policy, reflects Russia’s growing focus on strengthening cybersecurity. By formally recognizing the role of ethical hackers, the legislation could foster collaboration between software developers and cybersecurity professionals to improve system integrity.
The bill proposes changes to Article 1280 of the Civil Code of the Russian Federation and is set to address long-standing gaps in cybersecurity legislation, creating a safer digital environment for businesses and individuals alike.
What’s Next?
While this is just the first reading, the bill’s progress signals a broader acceptance of ethical hacking practices in Russia. If passed, it will position ethical hackers as key players in the fight against cyber threats, enhancing the safety of digital ecosystems across the country.