Currently one can obtain a private investigator licence. Getting such a licence requires a minimum amount of training, mandatory firearm training, and is prohibited to criminals and such.
How about instigating a 'cyber investigator' licence? Applicants would have to prove a minimum level of proficiency with pen testing, gaining entry to systems without damaging anything or causing data loss, hacking software, etc., and would also be vetted for a criminal record.
Those who gained a licence would be expected to follow a code of conduct. Benefits would include immunity from DMCA laws and the like that get used to prevent ethical hackers from reporting vulnerabilities.
Companies that suffered a breach and wanted to find out who did it would be required to hire only a licensed cyber investigator. It might cost them a bit more, but they would at least have the confidence that the hired person had the required skillset. It could be that a requirement of hiring someone for such a task would be to pay them to report on the vulnerabilities that allowed the breach to happen in the first place.
Labs that wanted to carry out vulnerability testing of software could apply for licences for staff so they would then be immune from companies informed of vulnerabilities trying to get them prosecuted.
Thoughts anyone?