Guide tells 'grey hats' how to avoid legal pitfalls
The US-based Electronic Frontier Foundation has published a guide on how IT professionals can avoid falling foul of the law as a result of ethical hacking...
"A computer-security researcher who has inadvertently violated the law during the course of her investigation faces a dilemma when thinking about whether to notify a company about a problem she discovered in one of the company's products," the guide states. "By reporting the security flaw, the researcher reveals that she may have committed unlawful activity, which might invite a lawsuit or criminal investigation. On the other hand, withholding information means a potentially serious security flaw may go unremedied."