While the CFAA and all of its troubled language remains in place, the DOJ has announced that security researchers who do not have malicious intent do not have anything to fear anymore.
The CFAA case of Van Buren v. U.S. has concluded with a decision resulting in a clarification of how crimes involving "authorized access" are defined.
The court will determine how the nearly 35-year-old CFAA is interpreted. The worst possible interpretation could put employees and contractors at the mercy of the terms of service of systems and software.