Noting that responsible hacking is “a good contribution” to increasing security in software and other technology, the Dutch Ministry of Security and Justice set forth guidelines for hackers who spot security holes to report them to the proper parties, PC World reported.
Under the suggested guidelines, hackers would keep vulnerabilities in software secret for 60 days after they notify the corporation to allow the company time to repair it. In exchange, corporations are discouraged from prosecuting so-called “white hat” hackers. The person who discovers the hole is also, under the guidelines, expected not to alter or repeatedly enter the system through the discovered breach.
The guidelines suggest that government agencies and corporations put places on their websites to report security holes, or for hackers to use the country’s National Cyber Security Center as an intermediary.
The Dutch government would retain its right to prosecute harmful hackers.
While there are no similar guidelines in the United States, many companies like Google and Facebook have contests where they offer rewards for programming whizzes who find holes in their security.