Here’s a better solution: change the laws!

Knowing the audience of this forum, you’re probably American and under 35. You have lived your whole life with an inoperable legislator. The US Congress, through a mixture of time-honored traditions with unfathomable externalities (there can never be more than this amount of representatives) and disinterested sports-like politics, is unable to print new laws in a reactive fashion. This means that kludges, with their own unfathomable externalities, look like sane solutions. They’re not. A functioning democracy would set up a legal framework for ethical research.

Not really, many professional researchers notify law enforcement when engaging in something that could be viewed as illegal or generate calls to the police.

What should happen is the addition of a "reasonable" standard and using existing case law policy positions to not prosecute people who have a reasonable basis supporting their claim of security research.

Instead we'll be left with the lazy lawmakers doing nothing and the executive saying they'll prosecute only the people who "deserve" it.

Well, the thing about making security research legal is that the law can outline what is legal and illegal security research, instead of leaving it in a grey area of a policy statement that may change at any time without notice, or from a political agenda.

A well executed law change will make it very clear where the line is to get into illegal territory and would likely include industry feedback in the drafting. The downside is it could also go the other way, policy changes are executed by politicians who likely have a fairly poor grasp of the tech and industry, and could leave the policy in a worse shape until tested by the court system.

If the law were to say outline steps the hacker must do, barriers that can't cross, it may actually make it harder for a hacker to say I was just doing research.