The U.S. government has released an updated version of the Digital Millennium Copyright Act (DMCA), adding a list of new exemptions that will protect cybersecurity professionals from prosecution over reverse-engineering of products for research purposes. The update is in response to a number of petitions received by U.S. Copyright Office requesting exceptions to rules in order to allow good-faith security research on computer programs within devices or machines primarily designed for use by individual consumers.
— DMCA defining good-faith security research: "For purposes of this exemption, “good-faith security research” means accessing a computer program solely for purposes of good-faith testing, investigation and/or correction of a security flaw or vulnerability, where such activity is carried out in a controlled environment designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety of the class of devices or machines on which the computer program operates, or those who use such devices or machines, and is not used or maintained in a manner that facilitates copyright infringement."
— Listed exemptions: Computer programs on lawfully acquired devices or machines; consumer devices such as phones, computers, and voting machines; vehicles, medical devices, and video games