Cyber:Secured Forum Spotlight: Katie Moussouris and Bug Bounty Programs

Katie Moussouris, Luta Security

While some physical security companies have begun penetration testing programs for their devices and systems, this practice isn’t nearly as widely used in physical security as it in other industries, namely the IT and Internet of Things fields. Considering the number of video surveillance cameras, access control systems and networked security devices in homes and businesses around the world, physical security companies should be investing in penetration testing, working with cybersecurity researchers and probably considering establishing  bug bounty programs.

At Cyber:Secured Forum– June 4–6 in Denver, Colorado – renowned computer security researcher and noted authority on vulnerability disclosure and bug bounties Katie Moussouris will be part of a panel educating the physical security industry on ethical hacking, vulnerability scanning and disclosure and bug bounty programs. Katie created the bug bounty and vulnerability disclosure program at Microsoft, the first of its kind for a major corporation. She also led the team that built the U.S. Department of Defense’s (DoD’s) Hack the Pentagon bug bounty program, which found and resolved 138 legitimate vulnerabilities within the DoD’s public-facing web platforms. In this discussion, Katie, alongside other noted security researchers will help attendees determine, among other topics:

  • The difference between a vulnerability scan, a vulnerability assessment, vulnerability disclosure and penetration testing
  • How a vulnerability program can help both device manufacturers and integrators
  • Different models for crowdsourced vulnerability testing and the business factors that affect these decisions, including privacy and cost
  • How to start conversations about these programs with non-technical officers

Learn more about Cyber:Secured Forum – including the agenda, speakers and how you can register – at