bug hunting and the law

Bug Bounty Logistics and Legalities: Your Questions Answered

Through running hundreds of private and public crowdsourced cybersecurity programs, we've fielded many questions regarding the legal misconceptions around bug hunting. 

Join Jim Denaro, founder of Cipher Law, and Casey Ellis, Founder and CEO of Bugcrowd, to drill into many of those questions. Whether you're skeptical about the safety and legality of bug bounty programs, or your legal team is, this webcast will arm you with answers to some frequently asked questions...

  • What security and privacy controls does Bugcrowd have in place?
  • Is using Bugcrowd as safe as running a “traditional” penetration test?
  • Are security researchers testing under a contract or held to terms & conditions?
  • What happens if there is a rogue hacker in the crowd?  Who is held responsible?
  • As a manager of a bug bounty program, can I be held personally liable? 
  • What about compliance?

In addition to exploring these questions, we'll discuss general legal implications that both companies and bug hunters should be considering, as well as answer individual questions you may have.

Download the slides here.

About our Guest Speaker:

Jim Denaro is the founder of CipherLaw, a Washington, D.C.-based law firm and focuses his practice on legal and technical issues faced by innovators in information security.  Jim is a frequent speaker and writer on encryption backdoors, export control for exploits, bug bounties, and active counter measures.  He has spoken at Black Hat, DEF CON, RSA, and IAPP conferences on a wide range of issues at the intersection of law, policy, and emerging technologies.  He is a registered patent attorney and is a post-graduate student in national security at Georgetown University.


More Resources