A federal ‘bug bounty’ program? HackerOne’s Katie Moussouris weighs in on the challenges

Host Kevin Greene and guest Katie Moussouris, chief policy officer at HackerOne, explore the potential benefits of formalizing a “bug bounty” program in the federal government, which would allow outside experts to find and report bugs in the secure software that powers the Internet.  Moussouris talks about the implications of removing the barriers between the researchers, government and vendor communities to help facilitate such a program.

At HackerOne, Moussouris oversees the company’s philosophy and approach to vulnerability disclosure, advises customers and lawmakers, and promotes security research that aims to help make the Internet safer for everyone.  Her work includes developing initiatives such as Microsoft’s bounty programs, security researcher outreach, vulnerability disclosure policies, and MSVR (Microsoft Vulnerability Research), and she served as content chair of Microsoft’s BlueHat security conference. Moussouris is also a subject matter expert for the U.S. National Body of the International Standards Organization in vulnerability disclosure, secure development and vulnerability handling processes.

In addition, Katie has worked at the ethical hacking group @stake, and has performed dozens of software penetration tests, security code audits and design reviews for major companies


Host Kevin Greene has more than 17 years of cybersecurity and information assurance experience. His contributions to FedScoop represent his own views and do not reflect the positions or policies of any federal agency. Follow him at @iamkevtorious.

New episodes are posted every other Wednesday at noon (ET), at the beginning and middle of each month.