Overview
Explore the legal complexities surrounding bug bounty programs in this 33-minute conference talk from BSidesSF 2018. Delve into the murky legal landscape of vulnerability disclosure, examining how some platforms and companies may inadvertently expose hackers to civil and criminal liability. Learn about a novel survey of bug bounty terms and their implications for the more than 120,000 hackers participating in these programs. Discover practical steps to minimize legal risk, understand why standardizing legal terms matters in light of the DOJ framework, and see which contract clauses hackers should be wary of, and which they should demand, to ensure "authorized access." The talk covers the intersection of cybersecurity and law, helping ethical hackers navigate the vulnerability economy more safely and effectively.
Syllabus
BSidesSF 2018 - Hacking the Law: Are Bug Bounties a True Safe Harbor? (Amit Elazari)
Taught by
Security BSides San Francisco