HackerOne Advises Users to Safeguard From Legal Issues

1 week ago 5
Photo by Headway on Unsplash

HackerOne bridges the security gap between what businesses own and what they can secure. HackerOne’s Attack Resistance Management combines ethical hackers’ security knowledge with asset discovery, ongoing assessment, and process optimization to identify and address vulnerabilities in the ever-changing digital attack surface. This method helps businesses to evolve while remaining ahead of risks. The US Department of Defense, Dropbox, General Motors, GitHub, Goldman Sachs, Google, Hyatt, Lufthansa, Microsoft, MINDEF Singapore, Nintendo, PayPal, Slack, Twitter, and Yahoo are among the customers. Fast Company dubbed HackerOne a “brand that matters” in 2021.

HackerOne has updated its policy guidelines to provide additional legal protection for ethical hackers operating in good faith.

Clients that conduct bug bounty programs via HackerOne are requested to subscribe to the Gold Standard Safe Harbor (GSSH), which provides a “short, wide, easily-understood safe harbor declaration that’s straightforward for customers to accept.”

Vulnerability disclosure and bug reward programs both commonly contain safe harbor agreements that clarify the legal safeguards that hackers might anticipate. These agreements might vary, but HackerOne hopes to decrease the bureaucratic burden for ethical hackers by requiring its clients to subscribe to a single policy.

Gold Standard Safe Harbor (GSSH)

Gold Standard Safe Harbor protects enterprises and hackers doing Good Faith Security Research. Accessing a computer solely for the purpose of testing, investigating, and/or correcting a security flaw or vulnerability, where such activity is carried out in a manner designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs.

GSSH Reduces the burden

Photo by AltumCode on Unsplash

According to the crowdsourced security platform, “although many programs currently contain safe harbor in their policies, the GSSH is a short, wide, easily-understood safe harbor declaration that’s straightforward for consumers to adopt.” “This uniformity also relieves hackers of the trouble of deciphering several distinct program statements.”

On Wednesday, November 16, Gold Standard Safe Harbor became live. Organizations who agree to the GSSH will replace their current safe harbor statement on their program website with the GSSH, which will be denoted with a digital badge. Hackers will be able to filter software searches depending on their membership in the GSSH scheme.

Among the first clients to use the GSSH’s standardized language are KAYAK, GitLab Inc, and Yahoo. According to The Daily Swig, the GSSH is open for adoption by HackerOne clients globally, despite the fact that its terminology most closely matches with recent US government cybersecurity policy revisions.

According to preliminary data from HackerOne’s forthcoming Hacker Report, attempts to tighten legal protections for hackers look to be vindicated.

According to the survey, more than half of hackers have not disclosed a vulnerability they have identified, with 12% blaming their choice on threatening legal language used by the firm whose code included the flaw. Another one-fifth (20%) said that they did not disclose the defect because the organization has previously been difficult to deal with.

The Gold Standard Safe Harbor intends to safeguard ethical hackers from such legal risks and responsibilities, provided they themselves follow the guidelines.

Even while knowledge and enthusiasm for the work of ethical hackers is expanding in both industry and government, such protections are still required.

To Sum Up…

Organizations who agree to the GSSH will update their current safe harbor statement on their program website with the GSSH and earn a matching digital badge. Hackers may also use the HackerOne portal to search for applications depending on GSSH membership. GSSH is the first step in a larger effort to define and promote best practices for consumers engaging with hackers and reducing cybersecurity risk. Find out more about HackerOne’s larger mission and the GSSH.

References:

Bug Zero is a bug bounty, crowdsourcing platform for security testing. The platform is the intermediatory entity that enables client organizations to publish their service endpoints so that bug hunters (security researchers / ethical hackers) registered in the platform can start testing the endpoints without any upfront charge. Bug hunters can start testing as soon as a client organization publishes a new program. Bug Zero also offers private bug bounty programs for organizations with high-security requirements.

https://bugzero.io/signup

Bug Zero is available for both hackers and organizations.

For organizations and hackers, register with Bug Zero for free, and let’s make cyberspace safe.

Read Entire Article