Our modern lives increasingly rely on interconnected and complex technologies: in our homes, our critical infrastructure, our healthcare, everywhere. Enabling society to safely reap the benefits of this technology requires strong cybersecurity policies, practices, and awareness. To advance this cause, Rapid7 works with governments, companies, non-profits, and experts to shape policies, standards, and legislation that benefit consumers and defend responsible cybersecurity practitioners.
Rapid7’s public policy mission is part of our strong commitment to supporting the infosec community and advancing smart cybersecurity. Here are some examples of our cybersecurity policy work:
We believe security is the responsibility of all technology users, manufacturers, and intermediaries and that collaboration is the only way to achieve long-term change. That’s why we’re committed to openly sharing security information, helping our peers to learn, grow, and develop new capabilities, and supporting each other in raising and addressing issues that affect the cybersecurity community.
The Digital Millennium Copyright Act (DMCA) can hinder good faith security research by restricting the ability to analyze software for vulnerabilities. We support changes to extend protections for security researchers without diminishing copyright.
Independent security research is valuable for advancing cybersecurity, but the Computer Fraud and Abuse Act (CFAA) makes little distinction between beneficial research and malicious hacking. We support responsible CFAA reforms and clarifications to protectshield security researchers and internet users from overbroad liability.
Rapid7 occasionally advises states on computer access laws to protect consumers and businesses while avoiding obstacles to research and innovation.
Modern day companies depend on reliable cybersecurity and global flow of information to succeed in the digital economy. Trade agreements and trade policy should reflect these priorities while preserving flexibility for future innovations.
The Wassenaar Arrangement - a 40-nation export control agreement - creates broad new export requirements on software. We believe export controls should be implemented in a manner that avoids unnecessary burdens on legitimate cybersecurity products.
Commerce, government, and individual internet users rely on encryption for secure communications. Legal requirements to weaken encryption undermine cybersecurity, trust, innovation – and ultimately user security.
The principle of net neutrality has played an important role in providing users with equal access to digital content, empowering content creators of all sizes to compete on a more level playing field regardless of resources. Repealing net neutrality risks undercutting these opportunities and weakening full participation in the digital economy for small or independent content creators.