Tag: Katie Moussouris
Katie Moussouris on how bug bounty programs have gone mainstream, the success of Hack the Pentagon and Hack the Army, and where things stand with the Wassenaar Arrangement.
Now that a proposed revision to the Wassenaar Arrangement has been rejected, it will be up to the Trump administration to decide whether to attempt to renegotiate again.
Results of an NTIA survey published today show that researchers prefer open communication with vendors over financial compensation when it comes to vulnerability disclosure.
The government announced its second bug bounty program called Hack the Army, which will concentrate on finding bugs in recruiting websites and databases.
Threatpost Op-Ed is a regular feature where experts contribute essays and commentary on what’s happening in security and privacy. Today’s contributor is Katie Moussouris @k8em0. Today marks an exciting development in the often monotonous rehashing of vulnerability disclosure. The ISO standard that began about 11 years ago with the emotionally loaded title “Responsible Vulnerability Disclosure,”...
Mike Mimoso talks to Katie Moussouris about her newly launched consultancy Luta Security, the Hack the Pentagon bug bounty program, and some ISO news around vulnerability disclosure. Music by Chris Gonsalves
The Department of Defense announced today that registration for its Hack the Pentagon bug bounty trial program is open, and that the program will be run on the HackerOne platform. The trial of the government’s first bug bounty program will run April 18 to May 12. The DoD said only certain public-facing websites will be...
The White House, lawmakers said yesterday, wants to renegotiate the divisive U.S. implementation of the Wassenaar Arrangement rules as they relate to intrusion software. A draft of the rules was pulled off the table in July by the Commerce Department’s Bureau of Industry and Security (BIS) following a 90-comment period during which advocates in the...
Threatpost editor Mike Mimoso talks to HackerOne chief policy officer Katie Moussouris about the U.S. implementation of the Wassenaar Arrangement rules and where things stand close to seven months after the initial draft was pulled off the table for a rewrite.
It’s been months since the U.S. Commerce Department’s Bureau of Industry and Security pulled the U.S. implementation of the Wassenaar Arrangement off the table for an unusual rewrite of the rules governing so-called intrusion software. The overly broad rule drew the ire of security and privacy experts because its vague language would put a serious...