9 min
Public Policy
Proposed security researcher protection under CFAA
Rapid7 views independent cybersecurity research and the security community as important drivers for advancing cybersecurity for all, a core value for Rapid7. One way we take action on this value is by supporting protection for security researchers acting in good faith.
2 min
Public Policy
Supreme Court narrows CFAA
The Supreme Court interprets the CFAA narrowly. This avoids over-criminalizing cybersecurity research and commonplace internet activity, though it may raise concerns about insider threats.
6 min
Public Policy
How the Biden Administration's cybersecurity order will affect companies
The Biden Administration's Executive Order will create new software security and cyber incident reporting requirements for federal contractors.
3 min
Cloud Infrastructure
Reducing Risk With Identity Access Management (IAM)
As your supply chain grows, so does your attack surface. As business scales up and cloud providers release new services and resources to support it, it becomes exponentially more challenging for security teams to manage access.
7 min
Public Policy
Calling for cybersecurity in infrastructure modernization
Rapid7 issued a group letter urging the Biden Administration and Congress to work together to integrate cybersecurity into infrastructure legislation.
6 min
Public Policy
Overview of the EU’s draft NIS 2 Directive
The EU Commission proposed revisions to its NIS Directive that would enhance cybersecurity requirements on critical infrastructure-like organizations in the EU. This post provides an overview of the proposed revisions.
4 min
Public Policy
Principles for personal information security legislation
Rapid7's principles for laws to protect personal information: 1) Strong but flexible security requirements; 2) Security exemptions from privacy restrictions; 3) State preemption without undermining cybersecurity.
2 min
Public Policy
Congress unanimously passes federal IoT security law
Congress passed a law to secure federal procurement and use of IoT devices, and require contractors to adopt coordinated vulnerability disclosure processes.
3 min
Ransomware
Ransomware Payments and Sanctions - U.S. Treasury Advisory
The U.S. Department of Treasury issued an advisory warning that paying ransoms to cybercriminal groups risks violating sanctions. Rapid7 has previously recommended that victims not pay ransom, and urges organizations to focus on ransomware prevention and recovery.
5 min
Public Policy
A step closer to stronger federal IoT security
The US House passed the IoT Cybersecurity Improvement Act, which would require federal procurement and use of IoT devices to conform to basic security requirements.
6 min
Public Policy
Internet of Things Cybersecurity Regulation and Rapid7
Over the past few years, the security of the Internet of Things (IoT) has been a consistent focus in policy circles around the world.
3 min
Public Policy
Rapid7 statement on privacy and status of EU-US data transfers post-Schrems II
On July 16, 2020, the Court of Justice of the European Union (CJEU) invalidated the Privacy Shield in the Schrems II case (also known as Data Protection Commissioner v. Facebook Ireland and Maximillian Schrems). Here is our response.
2 min
Public Policy
Rapid7 joins CFAA brief to the Supreme Court
Should it be a federal hacking crime to disobey your workplace computer use policy, or a website's terms of service? A broad interpretation of the CFAA would have far-reaching legal implications for beneficial security research and even ordinary internet behavior.
4 min
Public Policy
Cybersecurity Vulnerability Disclosure in Trade Agreements
Modern trade agreements should incorporate cybersecurity vulnerability disclosure. Here are Rapid7’s thoughts on how to do that and why.
5 min
Public Policy
Hackers On The Hill - Slides and recap on cybersecurity policy
Recap of a presentation on the state of public policy related to cybersecurity and hacking from Hackers On The Hill 2020.