Joining the Security Research Legal Defense Fund Board

If hackers are the Internet's immune system, then the Security Research Legal Defense Fund (SRLDF) is one of the most important pieces of infrastructure protecting it.

The reality is stark: security researchers who find and report vulnerabilities—the people actively making the Internet safer—still face legal threats for doing so. Anti-hacking laws like the Computer Fraud and Abuse Act (CFAA) continue to be wielded against good-faith researchers, creating a chilling effect on the very work we all depend on. The SRLDF exists to change that equation by providing financial grants to fund legal representation for researchers who can't afford to fight back on their own.

Today, I'm proud to share that Jen Ellis and I have officially joined the SRLDF's Board of Directors, effective March 18, 2026.

Why This Matters

The SRLDF was founded by Kurt Opsahl (President), Jim Dempsey (UC Berkeley and Stanford), and Harley Geiger as a 501(c)(3) nonprofit with a focused mission: ensure that good-faith security researchers aren't silenced by legal threats they can't afford to fight. It provides grants—not direct legal representation—to fund researchers' chosen legal counsel, and can provide lawyer referrals for those who don't have one.

This is deeply personal to me. Through my work founding Bugcrowd and co-founding disclose.io, I've spent over two decades advocating for the legal protection of security researchers. I participated as amicus curiae in the Van Buren v. United States Supreme Court case, and have worked with the White House, Department of Defense, Department of Justice, and CISA on cybersecurity policy. Joining the SRLDF board is a natural extension of this work—moving from advocacy into direct action.

As I said in the announcement: "Ensuring legal protection for good-faith security research is essential to preserving the Internet's immune system."

Jen Ellis Joins as Treasurer

Jen brings extraordinary depth to this role. As the founder of NextJenSecurity and a board member of both the CVE Program and the Center for Cybersecurity Policy and Law, she has spent over a decade building bridges between the security research community and policymakers. During her 11 years at Rapid7 as VP of Community and Public Affairs, she developed security research advocacy initiatives and briefed Congressional offices extensively on the CFAA.

Jen put it perfectly: "Researchers need practical legal support and stronger norms that protect good intent."

What the SRLDF Does

For researchers who aren't familiar: the SRLDF evaluates applications from security researchers facing legal threats related to their good-faith vulnerability research. To be eligible, researchers must demonstrate financial need, and the research must have been conducted to identify and disclose vulnerabilities safely—not for extortion or illegal activity. The Board votes on each grant application.

If you're a researcher facing legal pressure, reach out at grants@srldf.org.

How You Can Help

The SRLDF is a nonprofit that depends on community support. Here's how you can get involved:

Follow SRLDF to stay up to date on cases, legal developments, and ways to support researchers:

• X/Twitter: @securityldf
• LinkedIn: Security Research Legal Defense Fund
• Bluesky: @srldf.bsky.social

Spread the word. If you know a security researcher who is facing legal pressure or threats related to their good-faith vulnerability research, point them to srldf.org and grants@srldf.org. Nobody should have to stop doing the right thing because they can't afford a lawyer.

Sponsor the mission. If you or your organization want to support the legal defense of good-faith security research, reach out at donate@srldf.org. The SRLDF is a 501(c)(3) nonprofit—donations are tax-deductible.

The Internet's immune system works best when researchers can do their work without fear. With this expanded board, the SRLDF is better positioned than ever to make that a reality.

-cje