The Law and Economics of Bug Bounties

Website Maintenance Alert

Due to scheduled maintenance on Wednesday, October 16, from 10:30 am to 4:30 pm Pacific Daylight Time (UTC -7), parts of the USENIX website (e.g., conference registration, user account changes) may not be available. We apologize for the inconvenience.

If you are trying to register for LISA19, please complete your registration before or after this time period.

Amit Elazari Bar On, Doctoral Candidate, Berkeley Law, Center for Long-Term Cybersecurity Grantee


Bug Bounties are one of the fastest growing, popular and cost-effective ways for companies to engage with the security community and find unknown security vulnerabilities. Now it’s time to make them fair to the most important element in the Internet’s immune system: security researchers. This talk will showcase how lacking policies in bug bounty programs put hackers at legal risk and affect their incentives, and how to fix this problem that affects all of us, researchers, security practitioners and technology users.

Amit Elazari Bar On, Doctoral Candidate, Berkeley Law, Center for Long-Term Cybersecurity Grantee

Amit is a Doctoral Law Candidate at UC Berkeley School of Law and a Berkeley Center for Long-Term Cybersecurity Grantee. She graduated Summa Cum Laude from her LL.M. (Master of Laws), LL.B. (Law) and B.A. (Business Administration) from IDC, Israel. Her research work on technology law has been published in leading legal and privacy journals, presented in conferences such as RSA, USENIX Enigma, BsidesLV and DEF CON-Skytalks, and featured in popular news sites such as Vice (Motherboard), the Washington Post and The Guardian. Additionally, Amit teaches at Berkeley’s Legal Studies program and serves as the submissions editor of BTLJ, the world’s leading Tech Law Journal.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@conference {219983,
author = {Amit Elazari Bar On},
title = {The Law and Economics of Bug Bounties},
year = {2018},
isbn = {978-1-939133-04-5},
address = {Baltimore, MD},
publisher = {{USENIX} Association},
month = aug,

Presentation Video 

Presentation Audio