The question of safe penetration testing or security research comes up time an again. Good guys get prosecuted too.  
So, to follow-up my comment on RSnake's recent post, here is something that I have used to stay out of trouble.
DISCLAIMER: I am not a lawyer. If in doubt, ALWAYS, ALWAYS, ALWAYS get professional advice from an attorney. I hope this document puts the reader on the right track and helps keep them out of trouble.
CompanyName (“COMPANY”) hereby accepts the services and the related terms and conditions set forth in the attached Statement of Work (the “SOW”) of SecurityResearcher (“HACKER”).
COMPANY expressly acknowledges that the performance of these services will require HACKER to gain access to COMPANY confidential and proprietary network and information assets, and authorizes this access for the purposes described in the SOW, subject, however, to the Mutual Nondisclosure Agreement, dated ____________________, between COMPANY and HACKER (the “NDA”).
Due to the nature of the services contemplated by the SOW, COMPANY acknowledges that no representation or warranty can be made by HACKER with respect to such services or the efficacy thereof. In particular, COMPANY acknowledges that damage to COMPANY systems or information could result from the performance of such services, and that, following completion of such services, there can be no assurance that the COMPANY network will be secure or that unauthorized access thereof will not occur.
WITHOUT LIMITING THE FOREGOING, HACKER MAKES NO EXPRESS OR IMPLIED REPRESENTATIONS WITH RESPECT TO ITS PERFORMANCE OF THE SERVICES HEREUNDER OR ANY DELIVERABLES CONTEMPLATED HEREBY, INCLUDING WITHOUT LIMITATION ANY REPRESENTATION OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
In order to induce HACKER to perform its services COMPANY is accepting the terms and conditions and making the representations set forth herein, and COMPANY irrevocably waives and releases, and shall be stopped from asserting, any claims for damages or otherwise arising out of or in connection with the services, except as expressly contemplated by the NDA.
COMPANY represents and warrants that the COMPANY information systems to be accessed by HACKER do not contain confidential or proprietary information or other property belonging to any person other than COMPANY, or any classified information. By accepting HACKER’s services, COMPANY assumes any and all liability for any disclosure of any third-party confidential or proprietary information assets, or any classified information, arising out of or resulting from such services, and agrees to indemnify, defend and hold harmless HACKER from and against any claim, loss or liability asserted by any person arising out of or relating to any such disclosure, subject, however, to the NDA.
COMPANY expressly authorizes HACKER to gain access, including without limitation external network access and without regard to the COMPANY Information Security Policy, to all COMPANY computer networks and information systems which is reasonable and necessary, in HACKER’s sole judgment, for the purposes described in the SOW, and COMPANY acknowledges that such access shall be obtained by HACKER with the express permission of COMPANY and that such access is not a violation of any federal, state or local laws, rules or regulations, including without limitation the Computer Crime Act of 1986, as amended, or the Economic Espionage Act of 1996, as amended. Execution of this SOW by the representative of COMPANY shall constitute a representation and warranty by COMPANY that such representative is duly authorized to do so and has received all requisite governmental consents and approvals which may be necessary or appropriate to execute this SOW and to carry out the terms hereof, including without limitation the preceding sentence.
Accepted and approved by: