Bug Bounty Logistics and Legalities: Your Questions Answered

  • Date posted: 15-Jan-2017
  • Category: Technology


Transcript of Bug Bounty Logistics and Legalities: Your Questions Answered

  • Crowdsourced Cybersecurity

    Bug Hunting and the Law: Your Questions Answered. Jim Denaro + Casey Ellis

  • Speakers

    Casey Ellis, Founder & CEO, Bugcrowd

    An innovator in crowdsourced security testing for the enterprise, Bugcrowd harnesses the power of more than 29,000 security researchers to surface critical software vulnerabilities. Bugcrowd provides a range of vulnerability disclosure and bug bounty programs that allow organizations to commission a customized security testing program that fits their needs.

    James Denaro, Attorney, Founder of Cipher Law

    CipherLaw is a high-technology law firm providing strategic counseling to innovators in information security and defense technologies, including C4ISR (command, control, communications, computers, intelligence, surveillance and reconnaissance). With offices in Washington, DC and Los Gatos, California, we provide counseling on intellectual property, patent, contract, transactional, and litigation matters.

    Bug Hunting and the Law: Your Questions Answered +1 415 867 5351 casey@bugcrowd.com


  • Outline

    Introductions

    Current State of Cyberlaw

    Legal Questions & Concerns that come up with Security Researchers

    FAQs: The crowd, Liability, Compliance

  • Risk and reward

  • The Foundation

    Bounty Brief: Scope, Out of Scope, Rules, Invitation = Contract

  • Regulation

  • FAQs

  • Questions about the Crowd

    29,000 Hackers, 112 Countries Represented, Varying skill level & expertise

    FAQs: Rules and Policies; Contracts & NDAs; Rogue Hackers?; Public Disclosure Incidents

    *Most important thing to remember - It's not them against you, but them and you

  • Liability Concerns

    FAQs: Who is liable for security researchers? Who is held liable for any damages incurred from bad behavior? Personal liability?

  • Compliance Questions

    Current compliance guidelines impacting cybersecurity: PCI, HIPAA, Safe Harbor

    Bugcrowd's Response: Private Programs (a more controlled environment, elite researchers)

  • QUESTIONS?
