…But Now I See—A Vulnerability Disclosure Maturity Model
Someone politely knocks on your door and reports that there’s a hole in your wall big enough for a person to climb through. You immediately threaten legal action. Crazy? In the world of vuln research, this happens. This session will review a Vuln Disclosure Maturity Model created describe best-in-class practices. For any company wanting to get better bug reports faster—this session is a must.
Speaker
Katie Moussouris (@k8em0)
Katie Moussouris is the Chief Policy Officer for HackerOne, a vulnerability response and structured bounty platform. She is a noted authority on vulnerability disclosure and advises lawmakers, customers and researchers to legitimize and promote security research and help make the Internet safer for everyone. Moussouris’s earlier Microsoft work encompassed industry-leading initiatives such as Microsoft’s bounty programs and Microsoft Vulnerability Research. She is also a subject matter expert for the U.S. National Body of the International Standards Organization (ISO) in vuln disclosure, vuln handling processes and secure development. Moussouris is a visiting scholar with MIT Sloan School, doing research on the vuln economy and exploit market. She is a New America Foundation Fellow.
Detailed Presentation
(Source: RSA USA 2016-San Francisco)
Comments