Reply to post: The CMA is auful

Computer Misuse Act: Tell the Home Office infosec needs a public interest defence in law, says CyberUp campaign


The CMA is auful

The CMA is the worst of both worlds at the moment

Literally, everything can be shoehorned into one of the three or four categories

And with the exception of the causing death clause, the penalties are laughable.

It needs cleaning up to better define an offence and given some teeth to act as a sufficient deterrent

For the protection of legitimate security testing, it should be a case of reasonable attempt to gain permission / inform the system owner, and a membership of a relevant authorising body ((ISC)2, ISACA, CREST, EC-Council, TIGER, SANS, etc.) along with contemporaneous documentation of actions taken and an intent to inform, a CVE request/Bug bounty Submission, would be a good option too.....

If a responsible body, for deciding which certs count, needs to be appointed, the NCSC in its role as National CERT and SPOC makes a good candidate.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon