Katie Moussouris: Vulnerability Disclosure and Security Workforce Development

Bob Blakley: Welcome everyone to episode four of the IEEE Over the Rainbow podcast. I'm Bob Blakley, and I'm here with my cohost Lorrie Cranor. Our guest today is Katie Moussouris. Katie is the CEO of Luta Security, a company that helps organizations design and operate bug bounty and vulnerability reporting programs. Katie has a background in molecular biology and worked on the Human Genome Project at MIT. While she was at MIT, she became a system administrator, which led her in time to a career in information security. She was a penetration tester for @Stake; after Symantec acquired @Stake, she established the Symantec Vulnerability Research Program. From Symantec, she moved to Microsoft, where she created Microsoft's Vulnerability Research Program in 2008; in 2014, Katie moved to HackerOne, where she served as chief policy officer. In 2016, she left HackerOne to found Luta Security. Katie has done both academic and policy work in vulnerability research and disclosure; she was a driving force in ensuring that the 2013 revision of the Wassenaar Arrangement would exempt software tools used for defense from export controls, and she served as editor of both major ISO/IEC vulnerability standards (ISO/IEC 29147 and ISO/IEC 30111).