
Attacks/Breaches

4/28/2016 12:00 PM

10 Newsmakers Who Shaped Security In the Past Decade

In celebration of Dark Reading's 10th anniversary, we profile ten people whose actions influenced and shaped the trajectory of the industry (for better or for worse) in the past ten years.
10 of 12

Katie Moussouris

Bug Bounty Huntress

Microsoft was one of the last big holdouts to institute a bug bounty program. For years, Microsoft insisted it was not in favor of paying researchers a finder's fee for discovering security vulnerabilities in its software.

But times were changing fast as security researchers began demanding compensation for their work, and companies were under increasing pressure to ensure their software was as secure as humanly possible. In 2011, Katie Moussouris, then senior security strategist lead for the Microsoft Security Response Center, helped launch the software giant's first big researcher prize program, the BlueHat Prize contest, which paid anywhere from $10,000 to $200,000 for innovative methods of mitigating specific classes of attacks.

It wasn't a bug bounty program per se, but it was a significant step in that it paid researchers to find defensive solutions rather than individual bugs. Even so, Moussouris at the time left the door open, ever so subtly, for a pure bug bounty program: "We continue to evaluate the best way to collaborate with the research community, and we'll let you know if anything changes there," she told Dark Reading then.

Two years later, in 2013, Microsoft kicked off an official bug bounty program, joining companies like Google, Facebook, Mozilla, and PayPal, which already had programs in place. Moussouris was considered the catalyst behind Microsoft's change of heart on paying for vulnerabilities.

"Microsoft had been one of the major holdouts for a long time, not offering financial rewards for research. But once that happened, I think there was a big tipping point," Moussouris said in a 2014 interview when she announced that she had joined startup HackerOne, a bug bounty service provider, as chief policy officer.

Moussouris most recently helped the Defense Department formulate its Hack the Pentagon program, a pilot bug bounty program that encourages researchers to locate vulnerabilities in the DoD's public websites. She recently left HackerOne to start her own consulting firm, which assists businesses and governments in working with hackers through bug bounty programs.

Image Source: Dark Reading/Katie Moussouris
