
What is the GFCRC?

The Good Faith Cybersecurity Researchers Coalition (GFCRC) advocates for policy reform to protect responsible cybersecurity vulnerability researchers (“white hat hackers”). We help good faith researchers continue to provide information security vulnerability information in a timely, structured, legally legitimate, and sheltered manner.

The GFCRC provides resources on technology, law, and ethics, advocates for positive policy change, and shares expertise. We connect academia, industry, NGOs, and independent responsible good-faith hackers across borders. Through this community, we inform and coordinate the activities of our stakeholders to encourage governments to develop and implement public policies to encourage such adoption in line with the OECD Recommendations.

GFCRC Focal Activities:

  1. Encourage, support, and educate good faith cybersecurity researchers.
  2. Advocate for consistent, reasonable, principles-based public policy on vulnerability treatment.
  3. Mobilise and coordinate stakeholders to work together towards policy reform.
  4. Develop, collect, and share good practices and resources for better, safer coordinated vulnerability disclosure (CVD).

Why was the GFCRC Founded?

Modern society depends on software.  Business, politics, and social relationships all function because people trust that computer systems work as they should – and when they break, because people trust that they will be fixed.

Software sometimes has bugs – this is normal. A 100% guaranteed secure system does not exist. What matters is that bugs are fixed, how they are fixed, and how fast. If criminals and other malicious actors are able to exploit software flaws, people will lose trust in software, and in the processes that use it. E-commerce, electronic voting, news, social media, banking… all these will then no longer be trustworthy.

Social, economic, and political stability depends on trust in information systems. This trust can only be assured if bugs and security holes can be fixed quickly once discovered. The researchers who detect these bugs, and who work in good faith with vendors and customers to help them understand and remediate vulnerabilities, are vital for this process to work.
 
Sadly, laws around the world relating to the disclosure of such vulnerabilities often penalize well-meaning hackers who follow responsible practices, subjecting them to the risk of civil and/or criminal prosecution.  In turn, despite the availability of a wide array of information and services supporting good faith researchers, these resources are often inconsistent, insufficient, and poorly understood.  This disincentivises researchers from sharing or publishing their findings, while malicious actors are just as likely to discover and exploit cybersecurity vulnerabilities.
 

The GFCRC was formed as a coalition of non-governmental parties interested in ensuring a continued flow of cyber vulnerability information in a way that minimises the risk of bad actors taking advantage of them. We encourage and support good faith cybersecurity researchers by advocating for robust legal protections around Coordinated Vulnerability Disclosure (CVD), including Safe Harbour provisions. We follow, participate in, and stimulate policy work and public debate around responsible disclosure, provide a collective voice for all stakeholders interested in this topic, and establish and maintain close relationships with influential International Governmental Organisations, including the OECD.

Legal and Contact

The GFCRC is a not-for-profit organisation incorporated in France.
 
Registration details:

Announcement No.: 1922
RNA number: W751268366
Publication No.: 20230005
31 Jan 2023
https://www.journal-officiel.gouv.fr/pages/associations-detail-annonce/?q.id=id:202300051922

Address:
Good Faith Cybersecurity Researchers Coalition
242 Blvd. Voltaire
75011 Paris, France
Email: info@gfcrc.org