Security Unhappy Hour E13 Safe Harbor in Bug Bounties and Vulnerability Disclosure Programs

In this episode we talk about safe harbor and other legal considerations of bug bounty and vulnerability disclosure programs. Lisa Bradley, Katie Noble, CRob and Josh Dembling are joined today by Dr. Amit Elazari.

Dr. Amit Elazari is a Director of Global Cybersecurity Policy at Intel Corp. and a Lecturer at UC Berkeley’s School of Information Master in Information and Cybersecurity, as well as a member of the External Advisory Committee for the Center for Long-Term Cybersecurity. She holds a Doctoral Degree in the Law (J.S.D.) from UC Berkeley and earned three prior degrees summa cum laude. Her work on security law, computer crime, privacy and intellectual property has been presented and published in leading academic journals and at top conferences, and featured at leading news sites such as The Wall Street Journal, The Washington Post and the New York Times. In 2018, she received a UC Berkeley Center for Long-Term Cybersecurity grant for her work on private ordering regulating information security, exploring safe harbors for security researchers. Today she will be speaking with us in a personal capacity.

Things we discuss
Do security researchers have concerns with respect to reporting security vulnerabilities to vendors? Legal or otherwise?
What is ‘Safe Harbor’ in the context of bug bounties and vulnerability disclosure programs? What are some of the key developments we have seen in this landscape lately?
What does the growing focus on vulnerability disclosure programs in the emerging regulatory and policy security landscape mean for security researchers, the government and vendors?
What are some of the industry and emerging best practices and standardization efforts we have seen in this domain?
Who does Safe Harbor protect?
How does a vendor integrate safe harbor into their VDP or BBP terms as well as their culture?
Where do the CFAA and other anti-hacking laws fit into this? (probably will be covered already)
