Hacking the Law - A Call for Action – Bug Bounties Legal Terms as a Case Study

Explore the legal landscape of bug bounty programs in this 25-minute conference talk from BSidesLV 2017. Delve into the complexities of legal terms, safe harbors, and implications for hackers and companies. Examine real-world examples from Alibaba, Facebook, and Microsoft to understand the paradoxes and risks involved. Learn about the importance of platforms, participation restrictions, and intermediaries in shaping bug bounty ecosystems. Discover suggestions for improving legal frameworks, including eliminating reverse engineering language, standardizing terms, and providing specific authorization. Gain insights into the intersection of law and cybersecurity, and understand the call for action to create more equitable and effective bug bounty programs.

Introduction
Who dictates the rules
The safe harbor
The legal implications
The call for action
Three important points
Proof of concept
Legal risks
Most paradoxical example
Alibaba example
Facebook example
Hackers examples
Intermediates
Exceptions
Platforms Matter
Who Can Participate
Microsoft Example
Suggestions
Eliminate Reverse Engineering Language
Review the Terms
One Language
Specific Authorization