Companies and law enforcement are increasingly turning to white hat hackers for help. The FBI apparently paid consultants over $1,000,000 to unlock an iPhone used by one of the shooters in the San Bernardino attacks, and companies such as Microsoft, Uber, Facebook, and Google are paying hackers tens of thousands of dollars to find vulnerabilities in their systems. Davis Polk’s recent cybersecurity webcast discusses why companies are using pools of white hat hackers for certain vulnerability assessments, and how to reduce the risks associated with such “bug bounty” programs. In the one-hour discussion, which is now available below, we cover:
- The new DOJ guidelines on bug bounty vulnerability assessments.
- When using a bug bounty to test cybersecurity measures makes sense.
- Contractual and structural suggestions for an effective bug bounty program.
- The line between lawful and unlawful hacking.
- When negotiation demands from white hat hackers cross the line into extortion.
- Legal options for responding to an extortion demand from a hacker.