Security BSides London, the UK’s biggest community-driven infosec conference, is happy to announce its 8th iteration, open to all regardless of background, skill level, income or job title.
  • Doors to the main event open at 8.30am with talks starting at 9am on 5 June 2019
  • Workshops will be held on 4 June 2018 starting at 10am; Pre-registration is required
Please remember that Security BSides London has a strict code of conduct available here
Wednesday, June 5 • 11:00 - 11:30
Fixing the Internet's Auto-Immune Problem: Bilateral Safe Harbor for Good-Faith Hackers


Thousands of organizations have already adopted the idea of inviting good-faith hackers to hack into their systems via vulnerability disclosure, bug bounty and next-gen pen test programs. Even so, the risk of prosecution under anti-hacking laws still casts a cloud over the hackers who are trying to help, and many programs haven't removed this risk by including Safe Harbor language within their program policies. It's not intentional -- the simple truth is that the market has progressed so rapidly that most have implemented crowdsourced security programs without realizing this issue, and they do not know how to fix it. Bilateral Safe Harbor language enables program owners not only to provide a strong incentive for good-faith hackers in terms of explicit legal protection, but also to outline exactly what constitutes "good-faith" hacking for their organization, and to leave legal protections against malicious hackers intact.

This talk provides an overview of Safe Harbor in the context of good-faith hacking and introduces a current effort to create a standardized, open-source, easily readable legal boilerplate for disclosure program owners all around the world to use.

What is Safe Harbor and key takeaways from CFAA/DMCA?
Why we need an open-source, standardized vulnerability disclosure
What is disclose.io?
How can companies participate?
How can security researchers participate?
How can the legal community participate?


Chloe Messdaghi

Security Researcher Advocate/PM, Bugcrowd
Security Researcher Advocate/PM @Bugcrowd, board member for 4 nonprofits, one of the WIST founders, mentors, speaker on diversity and inclusion in InfoSec, and Drop Labels founder.

Wednesday June 5, 2019 11:00 - 11:30 BST
Track 1 ILEC Conference Centre 47 Lillie Road London SW6 1UD