Episode 27: On Bug Bounties and Hacking the Pentagon

Episode Thumbnail
00:00
00:00
This is a podcast episode titled, Episode 27: On Bug Bounties and Hacking the Pentagon. The summary for this episode is: Not all that long ago, bounty hunters were burly guys who apprehended fugitives using brute force in exchange for a reward or "bounty." And while those types of bounty hunters still exist, these days the vast majority of them are hackers looking for bugs. In this episode of the Impact Podcast, Jon Prial talks with Katie Moussouris, a highly regarded computer security researcher who's best known for creating the bug bounty program at Microsoft. You'll hear about: -Results from the recent Hack the Pentagon Program (1:15) -What companies can learn from the government’s approach to engaging with the hacker community (2:36) -How to determine if your organization is ready for a bug bounty program (5:40) -Issues larger enterprises face versus smaller startups (7:20) -Maturity models for assessing vulnerability (11:28) -Best practices for engineering teams (14:54) -The keys to success for bug bounty programs going forward (17:44)

DESCRIPTION

Not all that long ago, bounty hunters were burly guys who apprehended fugitives using brute force in exchange for a reward or "bounty." And while those types of bounty hunters still exist, these days the vast majority of them are hackers looking for bugs. In this episode of the Impact Podcast, Jon Prial talks with Katie Moussouris, a highly regarded computer security researcher who's best known for creating the bug bounty program at Microsoft. You'll hear about: -Results from the recent Hack the Pentagon Program (1:15) -What companies can learn from the government’s approach to engaging with the hacker community (2:36) -How to determine if your organization is ready for a bug bounty program (5:40) -Issues larger enterprises face versus smaller startups (7:20) -Maturity models for assessing vulnerability (11:28) -Best practices for engineering teams (14:54) -The keys to success for bug bounty programs going forward (17:44)