The Benefits and Risks of Vulnerability Disclosure Programs
Offered By: HackerOne via YouTube
Course Description
Overview
Explore the legal landscape and practical considerations of vulnerability disclosure programs in this 36-minute conference session from Security@ 2017. Delve into the federal statutes, case law, and legal frameworks surrounding ethical hacking and vulnerability reporting. Examine the role of disclosure programs in cybersecurity, including their benefits and potential risks. Learn about key legislative efforts like the Warner Gardner Bill and analyze high-profile cases such as the Dru case and Google's Project Zero. Gain insights into implementing effective vulnerability disclosure programs, covering aspects like adoption, scoping, resource allocation, reporting mechanisms, and notification processes.
Syllabus
Introduction
Legal Framework
Federal Statute
Good Faith Exception
Consent Authorization Limits
Dru Case
Ninth Circuit
US v Carrera
Role of Vulnerability Disclosure Programs
Encouraging Vulnerability Disclosure Programs
Warner Gardner Bill
Benefits and Risks
Reasons for Caution
When a Vulnerability Disclosure Goes Wrong
Google's Project Zero
Considerations
Adoption
Scoping
Resources
Reporting
Notifications
Conclusion
Taught by
HackerOne