Analyzing DJI's Legal Threat Following a Researcher's Bug Report
Added on 2023/04/11
This presentation examines the controversy surrounding DJI's threat of legal action against a security researcher who reported vulnerabilities in their software as part of a bug bounty program. It discusses the initial promise of the bug bounty program, DJI's approach to cybersecurity, and the subsequent legal threat following the researcher's report. The presentation highlights the importance of data and software security, privacy, and the need for clear communication and ethical standards in bug bounty programs. It also touches upon DJI's efforts to improve its security measures and compensate researchers for their findings. References to various articles and research papers further support the analysis of security regression testing approaches and security requirements engineering methods.

DJI threatens legal action after researcher reports bug

Introduction
• DJI announced that its bug bounty program would reward people who find flaws in its software.
• The company decided to pay between $100 and $30,000, depending on the flaw.
• However, the program did not get off to a good start.

DJI approach
• This approach to cyber security is associated with companies like Yahoo, Google and Microsoft.
• However, DJI published its private key on GitHub, which allowed access to sensitive customer information.
• However, after Finisterre published the report, DJI's legal team sent a letter referring to the Computer Fraud and Abuse Act.
• This was further interpreted as a threat.

DJI legal action
• According to Finisterre, there were significant problems with the drone maker's security.
• DJI threatened to take legal action against the researcher who reported security vulnerabilities to the company as part of the bug bounty program.
• After this, DJI created a new website that provides detailed information regarding the bounty program that had not been announced earlier.

Standard terms for researchers
• The standard terms include protecting the confidentiality of data.
• Allowing time for analysis and resolution.
• This ensures that proper data is displayed after proper analysis.

Standards for researcher
• DJI decided to improve its system to overcome the security issues related to its products.
• In addition, DJI has paid thousands of dollars to the researcher.
• This researcher helped determine the vulnerability within the system.
• DJI has also offered to pay new bounties to new researchers.

Software Security
• The security of software is one of its most important non-functional requirements.
• It is very important that the people using the software can operate it safely.
• Software security depends mainly on the access control system and firewall system installed in it.

Data Security and Privacy
• Data is one of the most important parts of the IT sector.
• It is very important that the data of both the client and the organization is protected efficiently.
• Privacy is one thing that should not be tampered with, and hence data security plans are put in place.

Conclusion
• Data security is very important for any type of organization.
• DJI decided to improve its system to overcome the security issues related to its products.
• In addition, DJI has paid thousands of dollars to the researcher.
• This researcher helped determine the vulnerability within the system.
• DJI has also offered to pay new bounties to new researchers.

References
• Elazari Bar On, A., 2018. Private Ordering Shaping Cybersecurity Policy: The Case of Bug Bounties.
• Nichols, R.K., Mumm, H.C., Lonstein, W.D., Ryan, J.J. and Carter, C., 2018. Unmanned Aircraft Systems (UAS) in the Cyber Domain: Protecting
USA's Advanced Air Assets.
• Thierer, A., 2016. Permissionless innovation: The continuing case for comprehensive technological freedom. Mercatus Center at George
Mason University.
• Zhao, M., Laszka, A. and Grossklags, J., 2017. Devising effective policies for bug-bounty platforms and security vulnerability discovery. Journal
of Information Policy, 7, pp.372-418.
• Felderer, M. and Fourneret, E., 2015. A systematic classification of security regression testing approaches. International Journal on Software
Tools for Technology Transfer, 17(3), pp.305-319.
• Pattakou, A., Kalloniatis, C. and Gritzalis, S., 2017. Security and privacy requirements engineering methods for traditional and cloud-based
systems: A review. CLOUD COMPUTING 2017, 155.
• Van Den Berghe, A., Scandariato, R., Yskout, K. and Joosen, W., 2017. Design notations for secure software: a systematic literature review.
Software & Systems Modeling, 16(3), pp.809-831.
• Loruenser, T., Pöhls, H.C., Sell, L. and Laenger, T., 2018, August. CryptSDLC: Embedding cryptographic engineering into secure software
development lifecycle. In Proceedings of the 13th International Conference on Availability, Reliability and Security (p. 4). ACM.
• Reed, M., 2015, October. System security engineering for program protection and cybersecurity. In Proc. 18th Annu. NDIA Syst. Eng. Conf. (pp.
26-29).
• Ponsard, C., Massonet, P. and Dallons, G., 2016. Co-engineering security and safety requirements for cyber-physical systems. ERCIM News,
106, pp.45-46.