Bug Bounty Logistics and Legalities: Your Questions Answered

Watch the full webcast here: https://pages.bugcrowd.com/bug-bounty-logistics-legalities

Join Jim Denaro, founder of Cipher Law, and Casey Ellis, Founder and CEO of Bugcrowd, to drill into many of those questions. Whether you're skeptical about the safety and legality of bug bounty programs, or your legal team is, this webcast will arm you with answers to some frequently asked questions:

  • What security and privacy controls does Bugcrowd have in place?
  • Is using Bugcrowd as safe as running a “traditional” penetration test?
  • Are security researchers testing under a contract or held to terms & conditions?
  • What happens if there is a rogue hacker in the crowd? Who is held responsible?
  • As a manager of a bug bounty program, can I be held personally liable?
  • What about compliance?

In addition to exploring these questions, we'll discuss general legal implications that both companies and bug hunters should be considering, as well as answer individual questions you may have.

Bug Bounty Logistics and Legalities: Your Questions Answered

  1. Crowdsourced Cybersecurity. Bug Hunting and the Law: Your Questions Answered. Jim Denaro + Casey Ellis
  2. Speakers
     • Casey Ellis, Founder & CEO, Bugcrowd. An innovator in crowdsourced security testing for the enterprise, Bugcrowd harnesses the power of more than 29,000 security researchers to surface critical software vulnerabilities. Bugcrowd provides a range of vulnerability disclosure and bug bounty programs that allow organizations to commission a customized security testing program that fits their needs.
     • James Denaro, Attorney, Founder of Cipher Law. CipherLaw is a high-technology law firm providing strategic counseling to innovators in information security and defense technologies, including C4ISR (command, control, communications, computers, intelligence, surveillance and reconnaissance). With offices in Washington, DC and Los Gatos, California, we provide counseling on intellectual property, patent, contract, transactional, and litigation matters.
     Bug Hunting and the Law: Your Questions Answered +1 415 867 5351 casey@bugcrowd.com
  3. Outline
     • Introductions
     • Current State of Cyberlaw
     • Legal Questions & Concerns that come up with Security Researchers
     • FAQs
     • The crowd
     • Liability
     • Compliance
  4. Risk and reward
  5. The Foundation: Bounty Brief
     • Scope
     • Out of Scope
     • Rules
     • Invitation = Contract
  6. Regulation
  7. FAQs
  8. Questions about the Crowd: 29,000 Hackers, 112 Countries Represented, Varying skill level & expertise. FAQs:
     • Rules and Policies
     • Contracts & NDAs
     • Rogue Hackers?
     • Public Disclosure Incidents
     *Most important thing to remember: it’s not them against you, but them and you
  9. Liability Concerns. FAQs:
     • Who is liable for security researchers?
     • Who is held liable for any damages incurred from bad behavior?
     • Personal liability?
  10. Compliance Questions. Current compliance guidelines impacting cybersecurity:
     • PCI
     • HIPAA
     • Safe Harbor
     Bugcrowd’s Response:
     • Private Programs
     • More controlled environment
     • Elite Researchers
  11. QUESTIONS?
  12. Crowdsourced Cybersecurity
