Katie Moussouris – Coordinated Vulnerability Disclosure and the Problem with Bug Bounty Platforms

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Google Podcasts | Stitcher | RSS

TechSpective Podcast Episode 067

Vulnerabilities are everywhere and they will not be going away. That means they need to be researched and discovered and addressed. But, what is the right way to go about that process? Katie Moussouris, founder and CEO of Luta Security, is my guest for this episode of the TechSpective Podcast and she is uniquely qualified to discuss this topic since she essentially pioneered it and has had significant influence and input on the standards and practices being followed today.

What is the right or best way for someone who finds a vulnerability to let the software or hardware vendor know about the discovery without prematurely revealing the flaw to the public. The goal, ethically speaking, would be to address the vulnerability and develop a patch or fix for it before announcing it to the world and exposing all vulnerable systems to risk. The flip side, though, is that companies have to be kept accountable to actually address the flaws that are reported and not just sit on the information and keep their fingers crossed that the bad guys don’t discover the vulnerability too. Coordinated vulnerability disclosure addresses both sides of that equation and provides a framework for cooperating and holding each other accountable for the greater good.

Check out the full episode for more from Katie on coordinated vulnerability disclosure. We also discuss the ways that bug bounty programs corrupt the system and are bad for both the researchers that try to report vulnerabilities through them and, in many cases, the companies that join the platforms. There is also a bit in there about the progress with COVID-19 vaccines and the hope that we will be able to safely convene for industry events again soon.

Please ask questions and share your thoughts on the topic in the comments below. Also, please subscribe to the TechSpective Podcast through your favorite podcast platform, and share the podcast with your peers and friends.

If you enjoy the podcast, I would also be grateful if you could take 2 minutes to rate and review the podcast on iTunes, or wherever you listen.

• About
• Latest Posts

Tony Bradley

Editor-in-Chief at TechSpective

I have a passion for technology and gadgets--with a focus on Microsoft and security--and a desire to help others understand how technology can affect or improve their lives. I also love spending time with my wife, 7 kids, 4 dogs, 7 cats, a pot-bellied pig, and sulcata tortoise, and I like to think I enjoy reading and golf even though I never find time for either. You can contact me directly at tony@xpective.net. For more from me, you can follow me on Twitter, Facebook, Instagram and LinkedIn.

Latest posts by Tony Bradley (see all)

• Igor Volovich Chats about Cybersecurity Compliance and Accountability - January 31, 2023
• Julie Smith Shares Identity Security Guidance for 2023 - January 19, 2023
• Mark Thomas Talks about Threat Hunting - January 5, 2023