Tesla Inc. has added new guidelines to its bug bounty program that will help researchers discover security bugs in Tesla’s software. The company now allows researchers to hack a non-running Tesla car without fear of voiding the warranty or incurring legal liability.
What rules does a security researcher have to follow?
There are some additional rules. For example, the security expert and the vehicle must be registered and approved for carrying out such security tests as part of the company’s vulnerability reporting program, and the research must be carried out in good faith. Tesla is even offering over-the-air assistance to researchers who need their car updated.
The company has explicitly said that its goodwill should not be taken advantage of: researchers should not expect the company to cover any out-of-pocket expenses, such as towing the vehicle to the nearest service centre.
As long as your work complies with our bug bounty policy, Tesla will not void your warranty if you hack our software https://t.co/HhibE1UpRC https://t.co/NIISSrrViD
— Tesla (@Tesla) September 5, 2018
Who is safe from legal issues?
All researchers and cars that have been approved in the vulnerability reporting program are safe from any charges under the Computer Fraud and Abuse Act (CFAA). As for the Digital Millennium Copyright Act (DMCA), the company will not bring any copyright charges against pre-approved researchers who play with the car’s security mechanisms.
“If you are the first researcher to report a confirmed vulnerability, we will list your name in our Hall of Fame (unless you would prefer to remain anonymous). You may also be considered for an award if you are the first researcher to report one of the top 3 confirmed vulnerabilities in a calendar quarter,” the company says.