Modern field guide to security and privacy

Podcast: Katie Moussouris on bug bounties and stunt hacking

On the Cybersecurity Podcast, HackerOne's Chief Policy Officer Katie Moussouris discusses ways to incentivize hackers to report security problems and Brunswick Group's Siobhan Gorman reveals the "golden rule" of breach disclosures. 

Moussouris is chief policy officer for HackerOne.

As the drumbeat of security breaches continues, what's the best way to incentivize hackers to report vulnerabilities they find to help companies solve their cybersecurity problems? Why are the changes the US government is proposing to an international arms control agreement incensing the major cybersecurity companies, researchers, and digital rights groups?

And is stunt hacking – such as when Chris Valasek and Charlie Miller recently compromised a Jeep Cherokee while it was driving down a highway with a Wired reporter inside it – ethical? Katie Moussouris, chief policy officer for HackerOne, answers these questions and more on the latest episode of The Cybersecurity Podcast.

"It's definitely something that got attention," Ms. Moussouris said of the published video of the Jeep hack.

"The patch had been available from the manufacturer, but nobody really knew about it. What I think the interesting question is: How do we get companies and consumers to pay attention to security issues without doing excessive stunt hacking and things generated to get a lot of attention? How do we make it a mundane practice for people to protect themselves, especially when there's a patch available?" 

Siobhan Gorman, from the global communications consultancy Brunswick Group, joins the panel discussion about how cyberattacks could hurt businesses' reputations and outlines the "golden rules" for companies disclosing how they've been breached. The former Wall Street Journal intelligence correspondent also discusses how government agencies might improve their digital security in the wake of the Office of Personnel Management hack that exposed millions of people's sensitive personal records.

The podcast is cohosted by Peter W. Singer, strategist at the New America think tank and author of "Cybersecurity and Cyberwar: What Everyone Needs to Know," and Sara Sorcher, deputy editor of The Christian Science Monitor's Passcode.

The podcast is available for download on iTunes. You can find more information about the podcast on Passcode's long-form storytelling platform. Bookmark New America's SoundCloud page for new episodes or sign up for Passcode below.

In previous episodes, Cory Doctorow – science fiction author, journalist and co-editor of the blog Boing Boing – joined Singer and Sorcher to talk about society's "peak indifference" to the Surveillance State and what a future world war might look like in the 2020s. Dan Kaufman, then-director of DARPA's Information Innovation Office, discussed funding "moonshot" projects to help the military beef up its digital defenses.

The Cybersecurity Podcast team also interviewed Bruce Schneier, prolific author and chief technology officer at Resilient Systems, about the challenges of publicly blaming countries for cyberattacks, and Nate Fick, the CEO of security intelligence software company Endgame, about bringing cybersecurity solutions built for the government into the private sector.

They have also interviewed Alex Stamos, formerly Yahoo's chief information security officer, about what it's like to lead a team of "Paranoids" and why people who have his job are so stressed out. Stamos is now Facebook's chief security officer.

And the Army's top cyber commander, Lt. Gen. Edward Cardon, joined their first episode to talk about how the Army is growing its ranks of cybersecurity experts and what role the military should play when a nation-state attacks a private company.

For more episodes, visit SoundCloud and iTunes or sign up for Passcode below.
