@article{2407337,
  author = {Vostoupal, Jakub and Stupka, Václav and Harašta, Jakub and Kasl, František and Loutocký, Pavel and Malinka, Kamil},
  article_location = {Great Britain},
  article_number = {53},
  doi = {http://dx.doi.org/10.1016/j.clsr.2024.105988},
  keywords = {Bug bounty; Liability; Vulnerability disclosure; Ethical hacking; Penetration testing; Criminal law},
  language = {eng},
  issn = {0267-3649},
  journal = {Computer Law & Security Review},
  title = {The Legal Aspects of Cybersecurity Vulnerability Disclosure: To the NIS 2 and Beyond},
  url = {https://www.sciencedirect.com/science/article/pii/S0267364924000554},
  volume = {2024},
  year = {2024}
}
TY  - JOUR
ID  - 2407337
AU  - Vostoupal, Jakub
AU  - Stupka, Václav
AU  - Harašta, Jakub
AU  - Kasl, František
AU  - Loutocký, Pavel
AU  - Malinka, Kamil
PY  - 2024
TI  - The Legal Aspects of Cybersecurity Vulnerability Disclosure: To the NIS 2 and Beyond
JF  - Computer Law & Security Review
VL  - 2024
IS  - 53
SP  - 1-18
EP  - 1-18
PB  - Elsevier
SN  - 02673649
KW  - Bug bounty
KW  - Liability
KW  - Vulnerability disclosure
KW  - Ethical hacking
KW  - Penetration testing
KW  - Criminal law
UR  - https://www.sciencedirect.com/science/article/pii/S0267364924000554
N2  - This paper focuses on the legal aspects of responsible vulnerability disclosure, bug bounty programs and legal risks associated with their implementation in the Czech Republic. Firstly, the authors introduce the basics of vulnerability disclosure procedures, identify different organisational models, and identify risks that may arise on the part of the organisation launching the bug bounty program or the hackers participating in it. The identified risks are divided into those arising from civil law, administrative law, and criminal law. For each identified risk, the authors then propose appropriate technical, organisation or legal solutions that can be applied to eliminate or reduce these risks. Nevertheless, the authors identified two areas that cannot be sufficiently mitigated through existing tools and laws and are likely to require legislative intervention – the matter of safeguarding the anonymity of reporters through confidentiality and the problematic ability to consent to the testing procedures by the public bodies.
ER  -
VOSTOUPAL, Jakub, Václav STUPKA, Jakub HARAŠTA, František KASL, Pavel LOUTOCKÝ and Kamil MALINKA. The Legal Aspects of Cybersecurity Vulnerability Disclosure: To the NIS 2 and Beyond. \textit{Computer Law \&{} Security Review}. Great Britain: Elsevier, 2024, vol.~2024, No~53, p.~1-18. ISSN~0267-3649. Available from: https://dx.doi.org/10.1016/j.clsr.2024.105988.