Abstract
This paper focuses on the legal aspects of responsible vulnerability disclosure, bug bounty programs and legal risks associated with their implementation in the Czech Republic. Firstly, the authors introduce the basics of vulnerability disclosure procedures, identify different organisational models, and identify risks that may arise on the part of the organisation launching the bug bounty program or the hackers participating in it. The identified risks are divided into those arising from civil law, administrative law, and criminal law. For each identified risk, the authors then propose appropriate technical, organisation or legal solutions that can be applied to eliminate or reduce these risks. Nevertheless, the authors identified two areas that cannot be sufficiently mitigated through existing tools and laws and are likely to require legislative intervention – the matter of safeguarding the anonymity of reporters through confidentiality, and the problematic ability to consent to the testing procedures by the public bodies.
Published Version
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: Computer Law & Security Review: The International Journal of Technology Law and Practice
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
