Hoffman has a number of best practice recommendations for security researchers to help them stay on the right side of the law.
She recommends that researchers be very careful about violating agreements or policies, especially confidentially agreements. Additionally, she said that researchers should be cautious about creating or distributing tools that circumvent barriers.
She added that public disclosure about an issue, without reporting to the vendor first, can make the situation more tense.
"Your risk increases if you go public without talking to the vendor first," Hoffman said.
Finally, if in doubt, Hoffman suggests that researchers contact a lawyer for a professional opinion.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.