By Intigriti
March 21, 2023
New Belgian legislation increases protections for the ethical hacker community as they go about their work testing systems for flaws.
It’s been a busy period regarding cybersecurity legislation and news. Across the globe, we’re seeing governments provide increased protections for ethical hacking – particularly in Intigriti’s home country of Belgium, with the new safe harbor framework officially launching last month.
Additionally, we’ve seen a number of reports showcasing the growing importance of crowdsourced security solutions, both in terms of the problem, with the threat level rising, and in terms of the increasing benefits these solutions are providing to organizations.
The continued acknowledgment of crowdsourced security and the greater enablement of ethical hacking has been hugely positive for the enterprise security landscape.
At Intigriti, we’ve had the pleasure of being part of the conversation within the media, with some of our key team members discussing these crucial changes. Below we’ve collected some of the most exciting pieces that hit the headlines over the past month.
Belgian news website HLN provided a brief overview of the safe harbor legal framework [article in Dutch] that was officially launched in Belgium on February 15. This article featured insight from our Chief Hacking Officer, Inti De Ceukelaire, who discussed how the changes will positively affect the ethical hacker community.
“I have been waiting for the law to be amended for 10 years,” Inti told HLN. “The obligation to report to the CCB lapses as soon as the company in question has its own policy for reporting and publishes it publicly, which is called a responsible disclosure policy. As a hacker, you immediately know what to do if you find something.”
Inti also discussed the improvements in Belgium with Data News:
“This makes us one of the few countries where the rules are so clearly stated,” he explained.
The news also gained traction in international security press: “I do hope that legislation like this will have the ‘GDPR’-effect that will effectively force companies to adopt this,” Inti told The Daily Swig.
“Paradoxically, most security researchers are now delivering value and improvements to companies that want to listen and are already on board with the latest security trends, such as a VDP.”
Belgian broadcaster VRT NWS dove even further into the topic [article in Dutch] in an interview with Inti, who discussed the impact that this will have on Belgian companies, particularly how it will influence those who have lacked vulnerability disclosure policies in the past.
“There are many companies that are burying their heads in the sand today,” our Chief Hacking Officer said. “As long as you don’t see any problems, you don’t have to solve them, and you don’t have to make a budget for them.”
Elsewhere, Unizo spoke to our head of security, Niels Hofmans, about the new Belgian framework and his recommendations for businesses in the new operating environment.
Offering advice for organizations, Niels said: “Have a public responsible vulnerability disclosure policy to make it clear how you want them to look for vulnerabilities or not… Try to be transparent to the researcher about your expectations and ensure a timely response. You shouldn’t lead ethical hackers on a leash, as this will cause frustration on both sides and cause you to miss a leak in the future.”
On top of discussing the updates to Belgian legislation, Inti also spoke to the Toronto Sun regarding the general topic of organizations using ethical hacking to improve their security, diving into his experience of being a real hacker and reflecting on his first-ever bug bounty.
“When all the pieces finally come together, that is the best feeling in the world,” he said. “Knowing that you have just cracked the biggest corporations.”
Offering some personal reflections on the legislation, one month on, Inti took to LinkedIn to discuss the impact of the changes.
This latest press coverage tops off a busy few weeks for Intigriti in the news.
In early March, we were named in the Financial Times FT 1000 List of Europe’s Fastest Growing Companies.
We’re immensely proud to see Intigriti break into the top 500 of the coveted FT 1000, coming in at number 497, and one of seven Belgian businesses in the list.
With tens of thousands of other businesses in the running, it’s a privilege to be recognized alongside so many other notable companies.