Lunch on Oct 13–Hacking: What Color Is Your Hat?

Vulnerability disclosure is a critical component of finding and fixing flaws in digital systems. White hat researchers have helped keep company websites and data safe, including at companies like Google and Facebook. However, their legal ability to do so is a gray area. On October 13th, we’ll be hosting a panel on understanding the importance of vulnerability disclosure and the push for legal protection. Join us for lunch and a vibrant discussion. A description of the event can be found below.

Hacking: What Color Is Your Hat? Vulnerability Disclosures and the Law

Vulnerability Disclosures Graphic

Photo Credit: Christoph Scholz via Flickr

Date: Friday, October 13, 2017
Time: 12:00 pm – 1:00 pm
Location: TBD
Follow: @NetCaucusAC | #VulDis

SPEAKERS

Leonard Bailey
Special Counsel for National Security, Computer Crime & Intellectual Property Section
U.S. Department of Justice

Harley Geiger
Director of Public Policy
Rapid7

Katie Moussouris
Founder and CEO
Luta Security

More speakers will be announced.

White hat researchers look for vulnerabilities in information systems and play an increasingly crucial role in our nation’s cyber security defenses. Yet, the rules of the road for these types of “hackers” have been slow to evolve in terms of civil and criminal liability. Worse, oftentimes the white hats are mistaken for black hats when they attempt to report vulnerabilities to other companies. Now, more and more new legislation and regulations are starting to include specific protections and procedures for disclosing these vulnerabilities responsibly. The Department of Justice has even issued a set of guidelines that include white hat protections for disclosures. But these measures are just the start. Should more companies adopt procedures to better ingest and respond to vulnerability disclosures? Should they be disclosed publicly for others? What are the pros and cons of “bug bounties”? And, does law enforcement know the difference between a black hat, a grey hat and a white hat?
