Public Policy
Rapid7 Supports Researcher Protections in Michigan Vehicle Hacking Law
Yesterday, the Michigan Senate Judiciary Committee passed a bill – S.B. 0927
[http://www.senate.michigan.gov/committees/files/2016-SCT-JUD_-09-20-1-01.PDF] –
that forbids some forms of vehicle hacking, but includes specific protections
for cybersecurity researchers. Rapid7 supports these protections. The bill is
not law yet – it has only cleared a Committee in the Senate, but it looks poised
to keep advancing in the state legislature. Our background and analysis of the
bill are below.
In summary
Public Policy
NIST 800-53 Control Mappings in SQL Query Export
In July, we added National Institute of Standards and Technology (NIST) Special
Publication 800-53r4 control mappings to version 2.0.2 of the reporting data
model for SQL Query Export reports. NIST SP 800-53 is a catalog of security
controls designed to help organizations protect themselves against a broad
range of threats.
What does this mean for you? Well, now you can measure your compliance against
these controls by writing SQL queries. For example, say
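The post's own example is cut off on this page. The query below is an added illustration, not the original author's example and not Rapid7's documentation, of the shape such a compliance measurement takes: for each NIST 800-53 control, it counts how many mapped policy-rule checks were tested and how many passed. The table and column names are assumptions: fact_asset_policy_rule and dim_policy_rule follow the reporting data model's naming style, and dim_policy_rule_nist_control is a hypothetical name for the mapping table introduced in 2.0.2. Verify every name against the data model reference for your version before running it.

```sql
-- Added example, not from the original post. Table and column names are
-- assumptions about the Nexpose reporting data model; check them against
-- the SQL Query Export data model reference for your version first.
--
-- Goal: per NIST SP 800-53 control, how many policy-rule checks were tested
-- across all scanned assets and how many of those passed, worst controls first.
SELECT
  m.control_id                                   AS nist_control,     -- e.g. 'AC-2' (assumed column)
  COUNT(*)                                       AS checks_tested,
  SUM(CASE WHEN f.compliance THEN 1 ELSE 0 END)  AS checks_compliant,
  ROUND(100.0 * SUM(CASE WHEN f.compliance THEN 1 ELSE 0 END) / COUNT(*), 1)
                                                 AS pct_compliant
FROM fact_asset_policy_rule AS f                 -- one row per (asset, policy, rule) result
JOIN dim_policy_rule AS r                        -- rule metadata (title, description)
  ON r.policy_id = f.policy_id
 AND r.rule_id   = f.rule_id
JOIN dim_policy_rule_nist_control AS m           -- hypothetical name for the 800-53 mapping table
  ON m.policy_id = r.policy_id
 AND m.rule_id   = r.rule_id
GROUP BY m.control_id
ORDER BY pct_compliant ASC, nist_control;
```

A rule can map to more than one control, so a single failing check shows up under every control it maps to; that is the intended behaviour for a per-control view, but it means the column totals should not be summed across controls. The percentage is a coverage measure of the checks Nexpose tested, not an attestation that the control is implemented.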
Public Policy
Rapid7, Bugcrowd, and HackerOne file pro-researcher comments on DMCA Sec. 1201
On Mar. 3rd, Rapid7, Bugcrowd [https://bugcrowd.com/], and HackerOne
[https://hackerone.com/] submitted joint comments to the Copyright Office urging
it to provide additional protections for security researchers. The Copyright
Office requested public input [http://copyright.gov/fedreg/2015/80fr81369.pdf]
as part of a study on Section 1201
[https://www.law.cornell.edu/uscode/text/17/1201] of the Digital Millennium
Copyright Act (DMCA). Our comments to the Copyright Office focused on reforming
Public Policy
I've joined Rapid7!
Hello! My name is Harley Geiger and I joined Rapid7 as director of public
policy, based out of our Washington, DC-area office. I actually joined a little
more than a month ago, but there's been a lot going on! I'm excited to be a part
of a team dedicated to making our interconnected world a safer place.
Rapid7 has demonstrated a commitment to helping promote legal protections for
the security research community. I am a lawyer, not a technologist, and part of
the value I hope to add is as a repr
Public Policy
New DMCA Exemption is a Positive Step for Security Researchers
Today the Library of Congress officially publishes its rule-making for the
latest round of exemption requests for the Digital Millennium Copyright Act
(DMCA). The advance notice of its findings
[https://s3.amazonaws.com/public-inspection.federalregister.gov/2015-27212.pdf]
revealed some good news for security researchers as the rule-making includes a
new exemption to the DMCA for security research:
“(i) Computer programs, where the circumvention is undertaken on a lawfully
acquired device or
CISOs
Top 3 Takeaways from "CyberSecurity Awareness Panel: Taking it to the C-Level and Beyond"
Hi, I'm Meredith Tufts. I recently joined Rapid7 and if you were on the live
Oct. 30th webcast, “CyberSecurity Awareness Panel: Taking it to the C-Level and
Beyond” – I was your moderator. It's nice to be here on SecurityStreet, and this
week I'm here to provide you with the Top 3 Takeaways from our CyberSecurity
Awareness month webcast where we were joined by a panel of experts:
Brian Betterton - Director, Security, Risk and Compliance at Reit Management &
Research
Trey Ford - Global Security
Public Policy
Petition for Reform of the DMCA and CFAA
Here's the TL;DR:
Software now runs everything and all software has flaws, which means that we, as
consumers, are at risk. This includes YOU, and can impact your safety or quality
of life. Sign this petition to protect your right to information on how you are
exposed to risk:
https://petitions.whitehouse.gov/petition/unlock-public-access-research-software-safety-through-dmca-and-cfaa-reform/DHzwhzLD
The petition
Last weekend a petition
[https://petitions.whitehouse.gov/petition/unlock-public
Release Notes
Configuration Assessment and Policy Management in Nexpose 5.2
We love our policy Dashboards. They are new, hot, intuitive, robust and really
useful. In our latest release of Nexpose, version 5.2, we've made two major
enhancements to our configuration assessment capabilities:
* A policy overview dashboard: To understand the current status of compliance
of configurations, delivering a summary of the policy itself.
* A policy rule dashboard: To provide further details for a particular rule and
the current compliance status for that rule.
What makes th