Overview
Explore the legal landscape and practical considerations of vulnerability disclosure programs in this 36-minute conference session from Security@ 2017. Delve into the federal statutes, case law, and legal frameworks surrounding ethical hacking and vulnerability reporting. Examine the role of disclosure programs in cybersecurity, including their benefits and potential risks. Learn about key legislative efforts like the Warner Gardner Bill and analyze high-profile cases such as the Dru case and Google's Project Zero. Gain insights into implementing effective vulnerability disclosure programs, covering aspects like adoption, scoping, resource allocation, reporting mechanisms, and notification processes.
Syllabus
Introduction
Legal Framework
Federal Statute
Good Faith Exception
Consent Authorization Limits
Dru Case
Ninth Circuit
US v Carrera
Role of Vulnerability Disclosure Programs
Encouraging Vulnerability Disclosure Programs
Warner Gardner Bill
Benefits and Risks
Reasons for Caution
When a Vulnerability Disclosure Goes Wrong
Google's Project Zero
Considerations
Adoption
Scoping
Resources
Reporting
Notifications
Conclusion
Taught by
HackerOne