Hacker, founder, advisor, and pioneer of crowdsourced security. Founder of Bugcrowd, co-founder of disclose.io, principal of Tall Poppy Group. Board member at SRLDF.
Policy
What is the NIST Cybersecurity Framework? The NIST Cybersecurity Framework is a set of policies meant to help the private sector in strengthening their cybersecurity readiness and awareness. The framework is published by the National Institute of Standards and Technology (NIST), under the US Department of Commerce. Originally designed for
Policy
Katie Moussouris, Founder & CEO of Luta Security and Casey Ellis, Founder & CTO of Bugcrowd join Joe and Mike to talk all things responsibility disclosure – the good, the bad, and the ugly.
Policy
The thing I see people get wrong most frequently in vulnerability reporting is being able to answer the question of ownership and "where to report my findings." Here are some practical tips for establishing ownership and thereby identifying the appropriate coordinator to contact.
Policy
A proposed taxonomy... Discovery, Documentation, Distribution.
Security
The fact that insecure software pipelines are exploitable feels a little like the idea that bugs exist in old F/OSS code, or that a chip design might not be 100% perfect. It's almost QED - but in the defensive realm, people weren't looking there.
Security
I know you do security stuff with computers and my Twitter/Facebook/Instagram/etc has been hacked! It's posting all kinds of strange stuff that isn't from me. What do I do to stop this???
Personal
Outrage is cheap and of fleeting value. Introspection and change are expensive, precious, and resilient... and very easy to miss if everything is the other guy’s fault.
Personal
My family and I are straight-up blessed with how we've fared this year, and I'm incredibly thankful for the myriad of people and things - but whichever way you cut it, 2020 was a dense and challenging year and not one I’d rush to repeat.
Security
The Supreme Court heard oral argument in Van Buren v. United States, a case concerning a statute of the Computer Fraud and Abuse Act (CFAA) and violations of terms of service agreements.
Policy
Great news everyone: After years of steady work and deliberate improvement of relationships and trust between the hacker community and government officials, we've made it to the apex of the American org chart!
Security
Building
Bugcrowd Founder Casey Ellis talks about COVID-19’s impact on bug bounty hunters, bug bounty program adoption and more.