Recorded live on January 19, 2019 at LevelUp 0x03.
Learn more: www.bugcrowd.c...
Join Bugcrowd: bit.ly/invitesplz
Have a question related to this talk? Post it on our forum:
forum.bugcrowd...
Panel:
Amit Elazari @AmitElazari
Khris Johnson @DC3VDP
John Repici - technical lead
Chloe Messdaghi (Moderator) @ChloeMessdaghi
Behind the Curtain - How to work with the DoD
How does DoD handle vulns submissions
How long does it take
How does it work internally when taking actions
How many vulns have been processes since the starting of the program
Legal Protection and Risks
Tell us a bit about Safe Harbor, quick overview of DOJ framework core principles
How is the DoD protecting through their policy on safe harboring
What are the boundaries of DoD safe harbor
How is the DoD leading the movements to having better terms than the private sector, as well as on policies on legal protections and risks
Legal Landscape
How should security researchers submit vulnerabilities
What’s the best advice on contacting to let someone know about a vul
What are the latest indictments that we should know about (CFAA extortion case)
New trends and lessons on US Computer Fraud and Abuse Act (CFAA) extortion following recent indictment
Trends and Predictions
What are the latest trends in Bug Bounty
Safe harbor trends (Tesla introducing warranty waivers for example)
What can we expect in the future with the federal government with reporting vulnerabilities
With third party testing, how should researchers deal with it
What is Disclose.io