Companies and regulators need to find new ways to teach young hobby hackers to disclose bugs responsibly, according to Nominet chairwoman and House of Lords peer Baroness Fritchie.
Fritchie made the claim during a Westminster eForum event when asked by V3 about researchers' current difficulties in disclosing bugs.
"Having worked as a regulator I think it's important people have a safe place to report things," she said.
"It's important there's an amnesty element to this. Maybe this is something we should do for cyber security and have a signposted area for people to say: 'I think we've found something.'"
The news follows reports from many young hackers that UK law enforcement is overly focused on "scalping" them rather than acknowledging their efforts and teaching them responsible disclosure practices.
Former LulzSec hacker Mustafa Al-Bassam attacked the private sector and police in October 2014, arguing that their aggression towards hackers is forcing bug hunters to operate outside the law.
Cyber Security Challenge chief executive Stephanie Daman explained at the eForum event that the confusion is indicative of a wider problem in the cyber security industry.
"Cyber security is a young profession. It's not clear what discipline it fits into [and] it's not friendly to women. There are no clear pathways into the profession. This is all pretty unhelpful when recruiting people into the profession," she said.
"Individuals who excel in this space don't always come from the backgrounds you'd expect. We need to have as many avenues open and available as possible to find them."
Daman cited the skills gap in the UK as evidence of the need to recruit and educate, rather than arrest, young hobby hackers.
"In the last few years cyber threats have increased in variety and sophistication. Mobile devices, cloud-based services, the Internet of Things etc will make this worse," she said.
"[Additionally] companies are still doing things that don't help the problem by releasing insecure products, and users continue to do silly things like clicking on phishing links and so on.
"Finding cyber security professionals is increasingly important and difficult. Building this workforce is not something we can do quickly. It's not about having the money. Most organisations have the funds, there's just not enough skilled people for them to recruit."
Fritchie added that businesses and governments should work harder to promote openness about cyber security issues to overcome the skills gap.
"Nominet has taught me the importance of the board in cyber security. It's important board members help through their leadership to embed cyber security into the core of the organisation," she said.
"It's vital that culture is led by the board. This is particularly true in cyber security as, no matter how good your technology, it only takes one employee to cause a problem.
"We're not just warning them not to use unknown USB sticks or click on phishing emails, we're empowering them to report problems and help each other."
She added that this should carry over into the consumer space. "This is mirrored in a need for change in consumer behaviour around cyber security. This is difficult but we know it can be done, [as we did] with drink driving [etc]," she said.
"We need to do the same with cyber security as the vast majority of companies are SMBs using consumer products and behaving as consumers."
Fritchie and Daman are two of many professionals calling for reforms to cyber security.
Head of cyber security at National Rail, Peter Gibbons, warned that critical infrastructures will fall to hackers if companies continue to view cyber security as a contained and purely IT problem.