Cybersecurity officials breathed a sigh of relief as Georgia Governor Nathan Deal vetoed state bill 315 that would have essentially have made it a crime to hack into a computer system, even to simply find its weaknesses, and gave the O.K. for companies to hack back against hackers.
The fact that the bill had progressed to the governor's desk had baffled cybersecurity executives, particularly those running bug bounty programs. The cyber and tech industry had mounted a full-court press opposing passage of the bill in the last few weeks. This included letters from Google and Microsoft saying any hack back provision was likely to lead to abuse and be deployed for anticompetitive purposes, The Hill wrote.
“After careful review and consideration of this legislation, including feedback from other stakeholders, I have concluded more discussion is required before enacting this cyber security legislation,” Deal said in vetoing the bill.
Lisa Wiswell, HackerOne policy advisor, said prior to the veto that Georgia State Bill 315 had the entire cybersecurity community shaking its head in disbelief. While many parts of the U.S. government are advancing cybersecurity by adopting industry's best practices, such as allowing security researchers to identify and disclose vulnerabilities that make us all safer, Georgia is closing the door to these folks.