
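Content provided by Avast. All podcast content, including episodes, graphics and podcast descriptions, is uploaded and provided directly by Avast or its podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here: https://zh.player.fm/legal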

#2 - Katie Moussouris

40:02
 

Archived series ("Inactive feed" status)

When? This feed was archived on May 20, 2023 03:25 (11M ago). Last successful fetch was on September 14, 2021 13:05 (2+ y ago)

Why? Inactive feed status. Our servers have been trying for some time but were still unable to retrieve a valid podcast feed.

What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.


Katie started with computers at age eight in her bedroom on a Commodore 64. She was the first female in her high school to take AP Computer Science and has continued to achieve many firsts in the hacking community. Katie is now an established pioneer and expert on bug bounty programs, vulnerability disclosure standards, handling processes and secure development, and a recognized cybersecurity public speaker.

In our episode, Katie tells the story of how a presentation she made at a grad-school symposium led to the first ever cash-incentivized bug bounty program for the Department of Defense called Hack the Pentagon.

While many companies come to Luta Security – beautifully named after the island in the Northern Marianas where Katie’s mother was born – ready to start a bug bounty program, she encourages them to first seriously consider investing in what they are doing to prevent and self-detect the bugs they want to hunt. She states that cash rewards aren’t always the best solution for a company’s digital security.

Katie and Jaya then discuss the SolarWinds supply chain case study. Katie describes how it’s getting more difficult to defend networks with so many pieces and vendors involved. She uses the term multi-party vulnerability coordination to describe studying and solving the vulnerability disclosure capabilities in the networks of many organizations that rely on each other across hardware and software supply chains.

Katie started Luta with a deep-seated sense of knowing that she could help companies and governments better understand what they don’t know, including what tools and talents they need. One of Luta’s first clients was the UK Government. She helped them not only create a vulnerability disclosure program, but also a maturity assessment capability so they could onboard different government agencies in an orderly fashion. This became especially important when the UK’s National Health Service had to roll out a Telehealth program virtually overnight at the start of the pandemic. Currently, the US government is set to release its own vulnerability disclosure program by March 1, 2021.

If Katie could have any wish granted in the cybersecurity industry, it would be that the deployment and implementation of security patches would have a faster and more effective operational process. One of the biggest problems isn’t that new patches aren’t being created fast enough; it’s that they aren’t being applied quickly and thoroughly to networks.

Closing out the episode, Katie raises the topic of gender and racial inequalities in the cybersecurity industry. In order to combat these societal inequalities and drive systemic change, she has founded her own foundation, the Pay Equity Now Foundation.
