Navigating Legalities in Cybersecurity Research

Lee comes on the show to discuss:

• EU CRA - https://en.wikipedia.org/wiki/CyberResilienceAct - its impact on bringing products to market and the challenges of enforcing such laws that require products to be "Secure"
• Recent legislation on disputes for federal agency fines - Chevron deference rule - supreme court decision, uncertainty, more or less clarity - proven in the first court case? opens to more litigation -https://www.nrdc.org/stories/what-happens-if-supreme-court-ends-chevron-deference
• Breach disclosure laws - mandatory disclosure rules from the SEC - https://www.sec.gov/newsroom/press-releases/2024-31
• Defcon cease and desist - “Copyright Act, the Defend Trade Secret Acts, the Computer Fraud and Abuse Act, and the Digital Millennium Copyright Act” - https://securityledger.com/2024/08/a-digital-lock-maker-tried-to-squash-a-def-con-talk-it-happened-anyway-heres-why/

Don't tell the FCC there is a new Flipper firmware release, unpatchable?, argv[0] and sneaking past defenses, protect your registries, someone solved my UART RX problem, PKFail update, legal threats against security researchers documented, EDR bypass whack-a-mole continues, emulating PIs, VScode moonlights as a spy, Want to clone a YubiKey? All you need is $11,000, some fancy gear, and awkwardly close proximity to your victim, and Telegram’s encryption: it’s kinda like putting a 'Keep Out' sign but leaving the door unlocked.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw-842