The Legal Aspects of Cybersecurity Vulnerability Disclosure: To
the NIS 2 and Beyond

J 2024

The Legal Aspects of Cybersecurity Vulnerability Disclosure: To the NIS 2 and Beyond

VOSTOUPAL, Jakub, Václav STUPKA, Jakub HARAŠTA, František KASL, Pavel LOUTOCKÝ et. al.

Základní údaje

Originální název

The Legal Aspects of Cybersecurity Vulnerability Disclosure: To the NIS 2 and Beyond

Autoři

VOSTOUPAL, Jakub (203 Česká republika, garant, domácí), Václav STUPKA (203 Česká republika, domácí), Jakub HARAŠTA (203 Česká republika, domácí), František KASL (203 Česká republika, domácí), Pavel LOUTOCKÝ (203 Česká republika, domácí) a Kamil MALINKA (203 Česká republika, domácí)

Vydání

Computer Law & Security Review, Great Britain, Elsevier, 2024, 0267-3649

Další údaje

Jazyk

angličtina

Typ výsledku

Článek v odborném periodiku

Obor

50501 Law

Stát vydavatele

Velká Británie a Severní Irsko

Utajení

není předmětem státního či obchodního tajemství

Odkazy

Odkaz na publikovaný text výsledku

Impakt faktor

Impact factor: 2.900 v roce 2022

Organizační jednotka

Právnická fakulta

DOI

http://dx.doi.org/10.1016/j.clsr.2024.105988

UT WoS

001251010700001

Klíčová slova anglicky

Bug bounty; Liability; Vulnerability disclosure; Ethical hacking; Penetration testing; Criminal law

Příznaky

Mezinárodní význam, Recenzováno

Změněno: 10. 7. 2024 08:54, JUDr. Mgr. Jakub Harašta, Ph.D.

Anotace

V originále

This paper focuses on the legal aspects of responsible vulnerability disclosure, bug bounty programs and legal risks associated with their implementation in the Czech Republic. Firstly, the authors introduce the basics of vulnerability disclosure procedures, identify different organisational models, and identify risks that may arise on the part of the organisation launching the bug bounty program or the hackers participating in it. The identified risks are divided into those arising from civil law, administrative law, and criminal law. For each identified risk, the authors then propose appropriate technical, organisation or legal solutions that can be applied to eliminate or reduce these risks. Nevertheless, the authors identified two areas that cannot be sufficiently mitigated through existing tools and laws and are likely to require legislative intervention – the matter of safeguarding the anonymity of reporters through confidentiality and the problematic ability to consent to the testing procedures by the public bodies.

Návaznosti

EF16_019/0000822, projekt VaV

Název: Centrum excelence pro kyberkriminalitu, kyberbezpečnost a ochranu kritických informačních infrastruktur

Citovat

VOSTOUPAL, Jakub, Václav STUPKA, Jakub HARAŠTA, František KASL, Pavel LOUTOCKÝ a Kamil MALINKA. The Legal Aspects of Cybersecurity Vulnerability Disclosure: To the NIS 2 and Beyond. Computer Law & Security Review. Great Britain: Elsevier, 2024, roč. 2024, č. 53, s. 1-18. ISSN 0267-3649. Dostupné z: https://dx.doi.org/10.1016/j.clsr.2024.105988.

@article{2407337,
   author = {Vostoupal, Jakub and Stupka, Václav and Harašta, Jakub and Kasl, František and Loutocký, Pavel and Malinka, Kamil},
   article_location = {Great Britain},
   article_number = {53},
   doi = {http://dx.doi.org/10.1016/j.clsr.2024.105988},
   keywords = {Bug bounty; Liability; Vulnerability disclosure; Ethical hacking; Penetration testing; Criminal law},
   language = {eng},
   issn = {0267-3649},
   journal = {Computer Law & Security Review},
   title = {The Legal Aspects of Cybersecurity Vulnerability Disclosure: To the NIS 2 and Beyond},
   url = {https://www.sciencedirect.com/science/article/pii/S0267364924000554},
   volume = {2024},
   year = {2024}
}

TY  - JOUR
ID  - 2407337
AU  - Vostoupal, Jakub - Stupka, Václav - Harašta, Jakub - Kasl, František - Loutocký, Pavel - Malinka, Kamil
PY  - 2024
TI  - The Legal Aspects of Cybersecurity Vulnerability Disclosure: To the NIS 2 and Beyond
JF  - Computer Law & Security Review
VL  - 2024
IS  - 53
SP  - 1-18
EP  - 1-18
PB  - Elsevier
SN  - 02673649
KW  - Bug bounty
KW  - Liability
KW  - Vulnerability disclosure
KW  - Ethical hacking
KW  - Penetration testing
KW  - Criminal law
UR  - https://www.sciencedirect.com/science/article/pii/S0267364924000554
N2  - This paper focuses on the legal aspects of responsible vulnerability disclosure, bug bounty programs and legal risks associated with their implementation in the Czech Republic. Firstly, the authors introduce the basics of vulnerability disclosure procedures, identify different organisational models, and identify risks that may arise on the part of the organisation launching the bug bounty program or the hackers participating in it. The identified risks are divided into those arising from civil law, administrative law, and criminal law. For each identified risk, the authors then propose appropriate technical, organisation or legal solutions that can be applied to eliminate or reduce these risks. Nevertheless, the authors identified two areas that cannot be sufficiently mitigated through existing tools and laws and are likely to require legislative intervention – the matter of safeguarding the anonymity of reporters through confidentiality and the problematic ability to consent to the testing procedures by the public bodies.
ER  -

VOSTOUPAL, Jakub, Václav STUPKA, Jakub HARAŠTA, František KASL, Pavel LOUTOCKÝ a Kamil MALINKA. The Legal Aspects of Cybersecurity Vulnerability Disclosure: To the NIS 2 and Beyond. \textit{Computer Law \&{} Security Review}. Great Britain: Elsevier, 2024, roč.~2024, č.~53, s.~1-18. ISSN~0267-3649. Dostupné z: https://dx.doi.org/10.1016/j.clsr.2024.105988.

Podrobný výpis o publikaci