The government has announced a public consultation on a national policy aimed at protecting ethical hackers.

The proposed policy suggests that owners and managers of ICT systems implement a Coordinated Vulnerability Disclosure Program (CVDP). The government clarified that while most companies would be encouraged to voluntarily adopt a CVDP, essential entities would be mandated to do so under EU law.

Minister for the Economy, Enterprise and Strategic Projects, Silvio Schembri, said that this policy means that ethical hackers will have a clear framework where they can operate legally and transparently. This, he added, will not only contribute to better ICT systems, but also the legitimisation of the industry.

The CVDP document is open for submissions until 7th October.

Why is this policy needed?

In October 2022, Michael Debono, Giorgio Grigolo, Luke Bjorn Scerri, Luke Collins, and their lecturer Dr Mark Joseph Vella, were scanning through the software of the FreeHour app when they found a vulnerability where the user’s data could be leaked. The students say that the app could be exploited by malicious hackers.

After they found the vulnerability, the students sent an  e-mail to FreeHour to alert them.

After sending the e-mail, Mr Scerri, Mr Grigolo and Mr Debono were arrested from their homes and taken into custody where they were strip-searched and questioned. Mr Collins was questioned when he returned to Malta from England, where he was studying for his PhD.

The charges that they are facing were leaked on 30th August by Mark Camilleri, and they are set to appear before Magistrate Marse-Ann Farrugia next March.

In April of last year, BusinessNow.mt reached out to a qualified information security specialist who lamented Malta’s lack of safe harbour provisions – laws which protect ethical hackers and cater for the finding and reporting of cyber vulnerabilities.

Related

MFSA notes increase in use of gifts, prizes, and lotteries in financial promotions

October 11, 2024
by Nicole Zammit

The Malta Financial Services Authority (MFSA) has identified a number of misleading financial marketing practices in its 2023 report. The ...

Gozo Rural Airfield project approved amid mixed reactions

October 10, 2024
by Nicole Zammit

Project will not encroach on virgin or agricultural land and will only involve an extention of the existing runway

Malta’s trade deficit narrows to €362.2 million in August 2024

October 10, 2024
by Nicole Zammit

The decrease in imports was mainly driven by machinery and transport equipment, which totalled €178.6 million