Risk & Repeat podcast: Can Disclose.io help protect vulnerability researchers?

In this week's Risk & Repeat podcast, SearchSecurity discusses the Disclose.io project and what it could mean for the future of research and disclosure.

Bug hunting and vulnerability disclosure can sometimes be risky tasks in the eyes of the law, but some are hoping to take the threat of legal action out of security research.

A new framework called Disclose.io aims to protect researchers participating in bug bounties from legal action under laws such as the Computer Fraud and Abuse Act (CFAA) and the Digital Millennium Copyright Act (DMCA).

The open source, vendor-agnostic project was launched by Amit Elazari, a University of California, Berkeley doctoral candidate and bug bounty legal expert, in collaboration with bug bounty platform provider Bugcrowd Inc. According to the project’s website, the vulnerability research framework can be employed by enterprises and government organizations to give researchers acting in good faith exemption from prosecution under the CFAA and DMCA.

Currently, 21 organizations have pledged support for the Disclose.io project. The framework arrives at a time when experts such as Bugcrowd CTO Casey Ellis have expressed concern about the future of good faith security research.

Will more organizations support the Disclose.io project? Can the framework encourage more researchers to participate in bug bounties? Are companies making the vulnerability reporting process too cumbersome and intimidating for researchers? SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more in this episode of the Risk & Repeat podcast.
