Document Type

Response or Comment

Publication Date



United States Copyright Office


Professor Candice Hoke, Cleveland State University, and others (Douglas W. Jones, University of Iowa; Professor Deirdre Mulligan, University of California, Berkeley; Professor Vern Paxson, University of California, Berkeley;Professor Pamela Samuelson, University of California, Berkeley; Bruce Schneier Erik Stallman, Center for Democracy & Technology (CDT); comment addressing Proposed Class 25: Software Security Research and an exemption for software security research in order to promote the active research and testing efforts necessary to keep pace with evolving cybersecurity risks. Software and related access controls are increasingly embedded in a wide range of systems, from consumer goods to medical devices to infrastructure to industrial equipment. This trend carries tremendous opportunities, but it inevitably will bring a raft of new security flaws and vulnerabilities as well. Due to the widespread integration of software in tangible products and physical world processes, these flaws pose risks that are qualitatively different from the risks associated with traditional security defects confined to the digital environment. The emergence of the Internet of Things is one example of the spreading risk. In this rapidly evolving environment, active security research and testing are crucial.