by EdOverflow
2532 days ago
(Obligatory: I am not a lawyer) This is what the "safe harbor" that the author was referring to is supposed to cover.

> Tesla considers that a pre-approved, good-faith security researcher who complies with this policy to access a computer on a research-registered vehicle has not accessed a computer without authorization or exceeded authorized access under the Computer Fraud and Abuse Act ("CFAA"). [1]

*.teslamotors.com, which is where the blind XSS payload fired, is in scope and therefore the safe harbor covers that asset too.

For more on bug bounty safe harbors, I would highly recommend taking a look at Amit Elazari's work at https://amitelazari.com/%23legalbugbounty-hof and https://github.com/edoverflow/legal-bug-bounty.

[1]: https://bugcrowd.com/tesla