Court: Breaking Your Employer's Computer Policy Isn't a Crime
The United States Court of Appeals for the Second Circuit issued an opinion rejecting the government’s attempt to hold an employee criminally liable under the federal hacking statute—the Computer Fraud and Abuse Act (“CFAA”)—for violating his employer-imposed computer use restrictions. The decision is important because it ensures that...
Find a Security Vulnerability, Get a Reward: Announcing EFF's Security Vulnerability Disclosure Program
At EFF we put security and privacy first. This means working hard at keeping our members and site visitors safe, as well as the people who use the software we develop. We also dedicate staff time to advising security researchers, maintaining resources like our Coders' Rights Project, and ...
No Photo IDs for FBI FOIAs
The FBI recently opened beta testing of eFOIA, a new online system for filing and tracking requests for records under the Freedom of Information Act (FOIA). On first glance, the project seems like a noble effort to streamline transparency in an agency that is notoriously slow and resistant to...
Let's Encrypt Enters Public Beta
TPP Threatens Security and Safety by Locking Down U.S. Policy on Source Code Audit
Security Vulnerability Disclosure Program Hall of Fame
This page lists people who have had bugs accepted by EFF's Security Vulnerability Disclosure Program.
Security Vulnerability Disclosure Program
Also check out our EFF Security Hall of Fame to see the heroes that have already reported security vulnerabilities to us!
Overview
EFF is committed to protecting the privacy and security of users of our software tools. Our Vulnerability Disclosure Program is intended to minimize the impact any security flaws have on our tools or their users. EFF's Vulnerability Disclosure Program covers select software partially or primarily written by EFF.
Let's Encrypt Enters Public Beta
Form 18 Is Dead. What’s Next for Patent Trolls?
The Trolls’ Favorite Template Has Been Retired, but Don’t Get Too Excited
It’s easy to file a patent complaint. All a patent owner has to do is say that they own a patent and that the defendant infringed it. The patent holder doesn’t even need to identify which product...
Google’s Student Tracking Isn’t Limited to Chrome Sync
Many media reports on (as well as at least one response to) the FTC complaint we submitted yesterday about Google’s violation of the Student Privacy Pledge have focused heavily on one issue—Google’s use of Chrome Sync data for non-educational purposes. This is an important part of our complaint,...







