Friday, 3 August 2018

Disclose wants to create a legal safe harbor for security researchers


An increasing number of enterprises take advantage of bug bounty programs to identify vulnerabilities and structural weaknesses within software. But outside of these formal programs, informing vendors about security issues can be a legal minefield. Some firms welcome the help of the security community and seek to reward it with bounties, swag, and offers of employment. Others react badly and respond with legal threats or, worse, call the cops. A great example of the latter is the Budapest Transport Authority (BKK in Hungarian), which recently called the cops on an 18-year-old security researcher after he found a…

This story continues at The Next Web
https://ift.tt/2Mhuz1g Matthew Hughes August 02, 2018 at 06:00PM
