Tesla warranty does not expire as long as researchers adhere to bug bounty requirements
Tesla has published a new version of its product safety policy, in which it has made changes to its bug bounty program. Under the new terms, researchers' warranties do not expire and Tesla restores the firmware, as long as they adhere to the conditions.
Tesla announced the changes in a tweet that references its modified terms, which state that if pre-approved security researchers brick Tesla software, the company will flash it back. The research must take place on a car that is registered for that type of research. The company also writes that it can provide this kind of assistance at its discretion, which means, for example, that it honors only a limited number of requests for assistance.
Tesla further promises that software changes resulting from “good faith security research” will not void the warranty. However, it does not reimburse damage caused to the car as a result of searching for vulnerabilities. It also promises not to sue researchers under the DMCA or the Computer Fraud and Abuse Act.
In addition to the aforementioned conditions, Tesla also has general terms and conditions for reporting vulnerabilities in its vehicles, such as avoiding privacy violations, examining only their own vehicles, and the requirement that only certain binaries may be subject to research.
The CEO of Bugcrowd, the platform Tesla uses for its bug bounty program, says that the move is a positive development for good-faith security research. Amit Elazari, of Berkeley Law School, told TechCrunch that the changes clarify the rules surrounding bug bounty programs. Elazari cites examples of companies that have acted aggressively against researchers who test their products for vulnerabilities, and hopes the new Tesla policy will bring about change.