Skip to content
← home

tag

#policy

30 posts

Where security meets society: advocacy, legal reform, government work, safe harbor, disclose.io mission

Policy

Responsible Disclosure Programs with Katie Moussouris & Casey Ellis | 401 Access Denied Ep. 22

Katie Moussouris, Founder & CEO of Luta Security and Casey Ellis, Founder & CTO of Bugcrowd join Joe and Mike to talk all things responsibility disclosure – the good, the bad, and the ugly.…

26 Feb 2021 · 59 min read
Policy

Establishing asset ownership in vulnerability reporting

The thing I see people get wrong most frequently in vulnerability reporting is being able to answer the question of ownership and "where to report my findings." Here are some practical tips for establishing ownership and thereby identifying the appropriate coordinator to contact.…

22 Feb 2021 · 3 min read
Policy

Modes of Public Vulnerability Disclosure

A proposed taxonomy... Discovery, Documentation, Distribution.…

20 Feb 2021 · 3 min read
Policy

DEF CON endorsed by POTUS!

Great news everyone: After years of steady work and deliberate improvement of relationships and trust between the hacker community and government officials, we've made it to the apex of the American org chart!…

14 Nov 2020 · 6 min read
Policy

VentureBeat: How ethical hackers are trying to protect the 2020 U.S. elections

“All software is vulnerable,” Bugcrowd CTO Casey Ellis said. “It just depends on how long you’re taking to look to find those vulnerabilities. Humans write code, and humans make mistakes.”…

23 Oct 2020 · 1 min read
Policy

Iowa launches vulnerability disclosure program for election-related sites

The State of Iowa has partnered with Bugcrowd to launch a vulnerability disclosure program on election infrastructure.…

01 Oct 2020 · 1 min read
Policy

Group Letter re IoT Cybersecurity Improvement Act (H.R. 1668)

We the undersigned cybersecurity companies and professionals write to express strong support for the IoT Cybersecurity Improvement Act (H.R. 1668). We respectfully urge you and your colleagues to support expedited passage of the bill before the end of the 116th Congress.…

29 Aug 2020 · 1 min read
Policy

NIST SP 800-53 R5 adds Vulnerability Disclosure Programs to Federal Security and Privacy Controls

Earlier this week, the National Institute of Science and Technology (NIST) released Revision 5 of NIST Special Publication (800–53) Guidelines Security and Privacy…

07 Aug 2020 · 4 min read
Policy

Help! I've found a vulnerability. What now?

"You've just found a bug on a company's website. What are the first three to five things you'll try in order to establish contact with them?"…

04 Aug 2020 · 1 min read
Policy

Disclose.io, VDP, Hackers, and voting

About 18 months ago, I sat in Capitol Hill with a bunch of other badasses including Matt Blaze, Kimber Dowsett, Jack Cable, Alexander Romero, Leonard Bailey, and others, and talked to voting machine manufacturers and US states.…

04 Aug 2020 · 2 min read
Policy

Hacking Democracy On Securing an Election (Shmoocon 2020)

Democracy is the cornerstone of America’s Constitution, identity, and ideology, and this foundation was shaken during the 2016 Presidential Election.…

01 Feb 2020 · 31 min read
Policy

Crowdsourcing physics

Ok, time for some hard chats. I’m posting this following on from a series of conversations and reactions on Twitter and Slack/Discord,…

02 Jan 2020 · 4 min read