Security vulnerability is the vulnerability of the information system，together with the external security threat，constitutes the information security risk. At present，the reasonable exploration and subsequent use of security vulnerability has gradually become a common concern of society. As civic groups of vulnerability exploitation，“white hat” play an critical role in the governance of Security vulnerability. However，due to the vagueness of law，the development of this group has been hindered. With the view of Vulnerability exploitation，this paper analysis relevant practices of domestic and overseas，and focuses on the existing problems in China. Finally，combine with China’s national conditions and present legislations，this paper proposes suggestions for the design and implementation of the “white hat” vulnerability exploitation legal rules，aim to safeguard the cybersecurity and the build of community of common future in cyberspace.