Bug Bounties, the Uber Breach, and Ransom Demands, with Katie Moussouris

Send us a text

In this episode we’re excited to host Katie Moussouris, the founder and CEO of Luta Security, a company that helps organizations implement and manage bug bounty programs. Prior to starting Luta Security, Katie worked with companies including ATstake, Symantec, and HackerOne. She’s a hacker, an advocate for gender and economic equality, a cybersecurity fellow at New America and the National Security Institute, and an advisor to the US government.

With extensive experience in bug bounty programs, our guest shares her perspective on common mistakes in bug bounty and vulnerability disclosure programs:
“You want to be able to hire and recruit people who will be able to prevent and also spot and fix those bugs while the software is being developed. If you weigh too heavily on the reward side of things and reward only the bugs that remain, after all of those secure development processes, you've actually set yourself up for a perverse incentive and you're going to gut your own hiring practices”.

The discussion goes to explore solutions to combat ransomware and what organizations should do in case of an attack: “I don't think putting that much of a burden on the victims is really going to result in what you want, which is to shine more of a light on who needs help and who needs to warn their users that there was a material breach like that. So I would say it's about requiring notification upon payment of ransomware that we should focus, at least on the victim’s side”.

All this and much more is discussed in this episode of The Cyber Insider podcast by Emsisoft, the award-winning cybersecurity company delivering top-notch security solutions for over 20 years.

Be sure to tune in and subscribe to The Cyber Insider to get your monthly inside scoop on cybersecurity.
Hosts:
Luke Connolly – partner manager at Emsisoft
Brett Callow – threat analyst at Emsisoft
Intro/outro music: “Intro funk” by Lowtone.