13-2316.02. Unauthorized release of proprietary or confidential computer security information; exceptions; classification
A. A person commits unauthorized release of proprietary or confidential computer security information by communicating, releasing or publishing proprietary or confidential computer security information, security-related measures, algorithms or encryption devices relating to a particular computer, computer system or network without the authorization of its owner or operator.
B. The following are exempt from this section:
1. The release by publishers, vendors, users and researchers of warnings or information about security measures or defects in software, hardware or encryption products if the release of the warnings or information is not specific to a particular owner s or operator s computer, computer system or network.
2. The release of security information among the authorized users of a computer, computer system or network or the notification to the owner or operator of a computer, computer system or network of a perceived security threat.
3. The release of security information in connection with the research, development and testing of security-related measures, products or devices if the release of the security information is not specific to a particular owner s or operator s computer, computer system or network.
C. At the conclusion of any grand jury, hearing or trial, the court shall preserve pursuant to section 44-405 any proprietary computer security information that was admitted in evidence or any portion of a transcript that contains information relating to proprietary computer security information.
D. Unauthorized release of proprietary or confidential computer security information is a class 6 felony, unless the security information relates to a critical infrastructure resource, in which case it is a class 4 felony.