Tesla offers ‘goodwill’ to security researchers hacking its cars

Go ahead and hack that car in peace.

In a move greeted happily by cybersecurity researchers around the world, the electric-automobile company Tesla announced that hacking the company’s software as part of “good-faith security research” will not void your warranty. The announcement is part of a “goodwill” revamping of Tesla’s vulnerability disclosure program to allow research without risking legal action, a voided warranty or a broken car — as long as hackers play by the rules.

As long as your work complies with our bug bounty policy, Tesla will not void your warranty if you hack our software https://t.co/HhibE1UpRC https://t.co/NIISSrrViD
— Tesla (@Tesla) September 5, 2018

“Tesla values the work done by security researchers in improving the security of our products and service offerings,” the company’s vulnerability disclosure page reads. “We are committed to working with this community to verify, reproduce, and respond to legitimate reported vulnerabilities. We encourage the community […]

The post Tesla offers ‘goodwill’ to security researchers hacking its cars appeared first on Cyberscoop.

Open source project looks to give legal safe harbor for ethical hackers

A new program aims to provide white hat hackers and companies running bug bounty and vulnerability disclosure programs with open source legal guidelines to avoid issues sometimes associated with security research. Launched jointly on Thursday by Bugcrowd and Amit Elazari, a University of California, Berkeley doctoral candidate, Disclose.io can be adopted by any organization running a bug bounty or disclosure program. The initiative offers boilerplate language that a company can use as terms between it and security researchers who want to disclose a bug.

Bugcrowd asserts that current laws, such as the Computer Fraud and Abuse Act (CFAA) and the Digital Millennium Copyright Act (DMCA), have a chilling effect on security research. Research conducted in order to find software vulnerabilities is often perceived as malicious hacking, Bugcrowd explains. “The ambiguity of existing laws and lack of framework surrounding protocols for ‘good faith’ security testing has sometimes resulted in legal threats, unlawful […]

The post Open source project looks to give legal safe harbor for ethical hackers appeared first on Cyberscoop.
