What We Do
The Security Research Legal Defense Fund ("the Defense Fund") is a nonprofit organization whose mission is to promote social welfare by providing financial assistance for legal representation of good faith security researchers and vulnerability disclosure.
Society depends on secure digital communications and devices, but cyberattacks and system failures increasingly endanger physical safety, consumer privacy, and the operation of critical services.
The public benefits when security vulnerabilities in software and systems are discovered and fixed before malicious actors can exploit them. In many instances, individuals have acted independently and in good faith to find and report vulnerabilities for mitigation, thereby strengthening the cybersecurity of products and services for the good of the community.
While recognition from governments and businesses of the value of good faith security research and vulnerability disclosure is growing, individuals continue to meet with legal threats when their vulnerability research and disclosures are unwelcome or misunderstood. Such threats can ignore individuals’ rights or misconstrue facts, creating a chilling effect on beneficial security research and vulnerability disclosure, especially for individuals without the resources to finance legal counsel.
The Security Research Legal Defense Fund may donate to good faith security researchers' choice of counsel to represent them in defending against claims related to good faith security research and vulnerability disclosure. The Defense Fund does not provide direct legal representation at this time.
The organization's Board of Directors will consider potential grantees and vote on distribution of funds.
To help ensure funds are used in the public interest, the recipients of legal defense funds would be required to meet eligibility criteria. The eligibility criteria are subject to revision by the Board, and aim to reflect alignment with legally accepted definitions of "good faith security research."
The eligibility criteria to apply for grants from the Defense Fund are anticipated to include:
- The grantee demonstrates financial need;
- Funds donated from the Security Research Legal Defense Fund would go towards representation in legal matters related to good faith security research or vulnerability disclosure, and not such illegal behavior as extortion;
- The "good faith security research or vulnerability disclosure" was performed for the purpose of good faith testing, investigation, correction, or disclosure of a security flaw or vulnerability, was carried out in a manner designed to avoid harm to individuals or the public, and the information derived from the activity was intended to be used primarily to promote the security or safety of computers or software, or those who use such computers or software; and
- Board approval.
Who We Are
UC Berkeley and Stanford
Future of Privacy Forum
Center for Cybersecurity Policy & Law