Modern field guide to security and privacy

Podcast: Katie Moussouris on bug bounties and stunt hacking

On the Cybersecurity Podcast, HackerOne's Chief Policy Officer Katie Moussouris discusses ways to incentivize hackers to report security problems and Brunswick Group's Siobhan Gorman reveals the "golden rule" of breach disclosures. 

Courtesy of HackerOne
Moussouris is chief policy officer for HackerOne.

As the drumbeat of security breaches continues, what's the best way to incentivize hackers to report vulnerabilities they find to help companies solve their cybersecurity problems? Why are the changes the US government is proposing to an international arms control agreement incensing the major cybersecurity companies, researchers, and digital rights groups?

And is stunt hacking – such as when Chris Valasek and Charlie Miller recently compromised a Jeep Cherokee while it was driving down a highway with a Wired reporter inside it – ethical?  Katie Moussouris, chief policy officer for HackerOne, answers these questions and more on the latest episode of The Cybersecurity Podcast.

"It's definitely something that got attention," Ms. Moussouris said of the published video of the Jeep hack.

"The patch had been available from the manufacturer, but nobody really knew about it. What I think the interesting question is: How do we get companies and consumers to pay attention to security issues without doing excessive stunt hacking and things generated to get a lot of attention? How do we make it a mundane practice for people to protect themselves, especially when there's a patch available?" 

Siobhan Gorman from global communications consultancy company Brunswick Group, joins the panel discussion about how cyberattacks could hurt businesses' reputations and outlines the "golden rules" for companies when disclosing how they've been breached. The former Wall Street Journal intelligence correspondent also discusses how government agencies might improve their digital security in the wake of the Office of Personnel Management hack that exposed millions of people's sensitive personal records.

The podcast is cohosted by Peter W. Singer, strategist at the New America think tank and author of "Cybersecurity and Cyberwar: What Everyone Needs to Know," and Sara Sorcher, deputy editor of The Christian Science Monitor's Passcode.

The podcast is available for download on iTunes. You can find more information about the podcast on Passcode's long-form storytelling platform. Bookmark New America's SoundCloud page for new episodes or sign up for Passcode below.

In previous episodes, Cory Doctorow – science fiction author, journalist and co-editor of the blog Boing Boing – joined Singer and Sorcher to talk about society's "peak indifference" to the Surveillance State and what a future world war might look like in the 2020s. Dan Kaufman, then-director of DARPA's Information Innovation Office, discussed funding "moonshot" projects to help the military beef up its digital defenses.

The Cybersecurity Podcast team also interviewed Bruce Schneier, prolific author and chief technology officer at Resilient Systems, about the challenges of publicly blaming countries for cyberattacks and Nate Fick, the CEO of security intelligence software company Endgame about leveraging cybersecurity solutions for the government into the private sector. 

They have also interviewed Alex Stamos, formerly Yahoo's chief information security officer about what it’s like to lead a team of “Paranoids” and why people who have his job are so stressed out. Stamos is now Facebook's chief security officer.

And the Army's top cyber commander, Lt. Gen. Edward Cardon, joined their first episode to talk about how the Army is growing up its ranks of cybersecurity experts and what role the military should play when a nation-state attacks a private company. 

For more episodes, visit Soundcloud and iTunes or sign up for Passcode below. 


of stories this month > Get unlimited stories
You've read  of  free articles. Subscribe to continue.

Unlimited digital access $11/month.

Get unlimited Monitor journalism.