[cloakandswagger]

>I think one part of improving cyber security is prosecuting people who deliberately and maliciously hack into other systems who do so for either monetary gain or fame.

This would do nothing except cast a chilling effect over the security community. Everyone would sit on exploits, too afraid of overzealous prosecutors to publish them or even reach out to the affected parties.

Unless, of course, you believe the US justice system to be the paragon of restraint and reasonableness.

[richardwhiuk]

No, it would be better if responsible disclosure was codified in the CFA. That's worthy of a campaign - but weev didn't practice that, so he's a poor figurehead for such a campaign.

Such a protection could provide an equal level of footing with the DMCA (i.e. you aren't liable for malicious attacks on a computer company if you provide full disclosue and advance notice, in the same way YouTube isn't liable for hosting copyrighted content if they provide a takedown mechanism).