AC
Anasayfa Makaleler Criminal law

Pen-Test and Bug Bounty: TCK 243 Exceptions and Written Contract

TL;DR

Pen-test izinli olmadığı sürece TCK 243 ihlali; sözleşme + scope kritik.

16 Şubat 2026 Criminal law 1 dk okuma 13 görüntülenme Son güncelleme: 10 Mayıs 2026

Pen-test is safe only with written contract + scope.

Contract terms

  • Identity of parties.
  • Scope (which systems).
  • Date + time range.
  • Reporting procedure.
  • Indemnity.

Bug bounty

  • HackerOne, Bugcrowd platforms.
  • Public + private programs.
  • Reward + disclosure timing.

Frequently asked

I found a non-Scope system, disclosure?

Don't ask verbally first; then email request.

Unauthorized pen-test = penalty?

Yes; TCK 243 + 244.

Prize tax?

Self-employment income; subject to tax.

Relevant legislation

  • TCK art.243-245 — Basic articles of cyber crimes.
  • TCK art.158/1-f — Qualified fraud (information tool).
  • CMK article 134 — Search for digital evidence.
  • 5651 SK — Access blocking and content removal.
  • Budapest Cybercrime Convention — Türkiye is a party; international cooperation.
Legal notice: This article is for general information purposes; A meeting with a lawyer is required for a concrete case.

Kaynaklar ve referanslar

Kaynaklar

Pen-Test ve Bug Bounty: TCK 243 İstisnaları ve Yazılı Sözleşme içeriği hazırlanırken resmi mevzuat ve yüksek yargı kaynakları esas alınmıştır.

Telif bildirimi This content and all related Q&A texts are protected under Turkish Copyright Law No. 5846. Unauthorized copying, reproduction, publication, adaptation, bulk extraction, or commercial use is prohibited; legal and criminal remedies are reserved in case of infringement.

Hukuki destek arıyorsanız

Bu konuda profesyonel hukuki destek için Aycan Ceylan Avukatlık Bürosu olarak yanınızdayız.

Görüşme Planla