New open source effort: Legal code to make reporting security bugs safer

Enlarge / The Disclose.io project: open source contracts to keep white-hat hackers and developers out of legal trouble. (credit: Disclose.io)

Not a week goes by without another major business or Internet service announcing a data breach. And while many companies have begun to adopt bug bounty programs to encourage the reporting of vulnerabilities by outside security researchers, they’ve done so largely inconsistently. That’s the reason for Disclose.io, a collaborative and open source effort to create an open source standard for bug bounty and vulnerability-disclosure programs that protects well-intentioned hackers.

The lack of consistency in companies’ bug-disclosure programs—and the absence of “safe harbor” language that protects well-intended hackers from legal action in many of them—can discourage anyone who discovers a security bug from reporting it. And vague language in a disclosure program can not only discourage cooperation but can also lead to public-relations disasters and a da

 » Read More

Loading...

What do you think?

0 points
Upvote Downvote

Total votes: 0

Upvotes: 0

Upvotes percentage: 0.000000%

Downvotes: 0

Downvotes percentage: 0.000000%

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Loading…

Comments

comments

Tesla posts bigger-than-expected loss, bigger-than-expected revenue [Updated]

Tesla posts bigger-than-expected loss, bigger-than-expected revenue [Updated]

Android P will be officially released on August 20, according to Evan Blass

Android P will be officially released on August 20, according to Evan Blass