After years of being hamstrung by the threat of prosecution under the Computer Fraud and Abuse Act (CFAA), security researchers and hackers operating in good faith have gotten some relief after the U.S. Justice Department said it would not bring charges against them using the law.

The federal regulation had, at least theoretically, threatened researchers acting in good faith, even those participating in bug bounty programs, who are some of the most creative, innovative minds in security.

“Researchers often complained that, even when firms have a coordinated disclosure or ‘bug bounty’ program, too much push-back or friction exists; they often feel slighted or pushed off,” said Archie Agarwal, founder and CEO, ThreatModeler. “Organizations, for their part, are often stuck when presented with a disclosure because the researcher found a fatal design flaw that will require months of concerted effort to mitigate—perhaps some researchers preferred such flaws would stay buried out of sight.”
