Entry: Katie Moussouris
Definition

  1. Career

     Symantec  Microsoft  ISO vulnerability disclosure standard  HackerOne  "Hack the ..." series  Luta Security  New America 

  2. Awards

  3. Presentations

      Congressional testimony  

  4. Publications and articles

  5. Microsoft lawsuit

  6. References

  7. External links

{{Infobox person
| name = Katie Moussouris
| other_names = @k8em0
| residence = US
| citizenship = American
| known_for = Computer security
| occupation = Security researcher, CEO, Entrepreneur
| employer = Luta Security, HackerOne, Microsoft, Symantec, @stake
}}

Katie Moussouris is an American computer security researcher who is best known for her ongoing work advocating responsible security research. She created the bug bounty program at Microsoft.[1] Formerly the Chief Policy Officer at HackerOne, a vulnerability disclosure company based in San Francisco, California,[2] she is the founder and CEO of Luta Security.[3] Moussouris was directly involved in creating the U.S. Department of Defense's first bug bounty program for hackers.[4][5]

Career

Symantec

Moussouris joined Symantec in October 2004 when they acquired @stake.[6][7] She founded and managed Symantec Vulnerability Research.[8]

Microsoft

In May 2007, Moussouris left Symantec to join Microsoft as a security strategist.[7] She founded the Microsoft Vulnerability Research (MSVR) program, announced at BlackHat 2008.[8] The program has coordinated the response to several significant vulnerabilities, including Dan Kaminsky's DNS flaw,[9] and has also actively looked for bugs in third-party software affecting Microsoft customers (subsequent examples of this include Google's Project Zero).

From September 2010 until May 2014, Moussouris was the Senior Security Strategist Lead at Microsoft, where she ran the Security Community Outreach and Strategy team for Microsoft as part of the Microsoft Security Response Center (MSRC) team.[10] She instigated the Microsoft BlueHat Prize for Advancement of Exploit Mitigations,[11] which awarded over $260,000 in prizes to researchers at BlackHat USA 2012.[12] The grand prize of $200,000 was at the time the largest cash payout being offered by a software vendor.[13] She also created Microsoft's first bug bounty program,[1] which paid over $253,000 and received 18 vulnerabilities over the course of her tenure.

ISO vulnerability disclosure standard

Moussouris has helped edit the ISO/IEC 29147 document since around 2008. In April 2016, ISO made the standard freely available at no charge after a request from Moussouris and the CERT Coordination Center's Art Manion.[14]

HackerOne

In May 2014, Moussouris was named the Chief Policy Officer at HackerOne, a vulnerability disclosure company based in San Francisco, California.[2] In this role, Moussouris was responsible for the company's vulnerability disclosure philosophy, and worked to promote and legitimize security research among organizations, legislators and policy makers.

"Hack the ..." series

While still at Microsoft, Moussouris began discussing a bug bounty program with the federal government; she continued these talks when she moved to HackerOne.[15] In March 2016, Moussouris was directly involved in creating the Department of Defense's "Hack the Pentagon" pilot program, organized and vetted by HackerOne.[16] It was the first bug bounty program in the history of the US federal government.[17] Moussouris followed up the Pentagon program with "Hack the Air Force". HackerOne and Luta Security are partnering to deliver up to 20 bug bounty challenges over three years to the Defense Department.[18]

Luta Security

In April 2016,[19] Moussouris founded Luta Security, a consultancy to help organizations and governments work collaboratively with hackers through bug bounty programs.

New America

During 2015-2016 and 2016-2017, Katie Moussouris served as a Cybersecurity Fellow at New America, a U.S.-based think tank.[20][21]

Awards

In 2014, SC Magazine named Moussouris to its Women in IT Security list.[22] She was also named as one of "10 Women in Information Security That Everyone Should Know"[23] and the "One To Watch" among the 2011 Women of Influence awards.[24] In 2018 she was featured among "America's Top 50 Women In Tech" by Forbes.[25]

Presentations

  • [https://www.ncsc.nl/english/conference/conference-2010/speakers/katie-moussouris.html Night of the Living ISO Draft on Vulnerability Disclosure]. GOVCERT.NL Symposium 2010.
  • [https://www.rsaconference.com/events/us15/agenda/sessions/1749/the-wolves-of-vuln-street-the-1st-dynamic-systems The Wolves of Vuln Street: The 1st Dynamic Systems Model of the 0day Market]. RSA Conference 2015.
  • [https://www.blackhat.com/us-15/briefings.html#panel-how-the-wassenaar-arrangements-export-control-of-intrusion-software-affects-the-security-industry Panel: How the Wassenaar Arrangement's Export Control of "Intrusion Software" Affects the Security Industry]. BlackHatUSA 2015.
  • [https://www.kiwicon.org/the-con/talks/#e194 Swinging From the Cyberlier: How to Hack Like Tomorrow Doesn't Exist Without Flying Sideways of Regulations]. Kiwicon 2015.

Congressional testimony

In 2018, Moussouris testified in front of the U.S. Senate Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security about security research for defensive purposes.[26]

Publications and articles

  • "Not All Hackers are Evil". Time. Retrieved April 4, 2016.[27]
  • "Vulnerability Disclosure Deja Vu: Prosecute Crime Not Research". Dark Reading. Retrieved April 4, 2016.
  • "Mad World: The Truth About Bug Bounties". Dark Reading. Retrieved April 4, 2016.
  • "How I Got Here: Katie Moussouris". Threat Post. Retrieved April 6, 2016.
  • "Hackers Can Be Helpers". The New York Times. Retrieved June 18, 2017.[28]
  • "Administration should continue to seek changes to international cyber export controls". The Hill. Retrieved June 18, 2017.[29]
  • "The Time Has Come to Hack the Planet". Threatpost. Retrieved September 24, 2017.[30]

Microsoft lawsuit

In September 2015, Moussouris filed a discrimination class-action lawsuit against Microsoft in federal court in Seattle. She alleged that Microsoft's hiring practices upheld a practice of sex discrimination against women in technical and engineering roles with respect to performance evaluations, pay, promotions, and other terms and conditions of employment.[31][32]

References

1. "Ex-Microsoft Bug Bounty dev forced to decrypt laptop for Paris airport official". https://www.theregister.co.uk/2015/01/06/former_ms_bug_bounty_program_developer_forced_into_paris_laptop_decryption/. Accessed 2016-04-04.
2. "HackerOne Secures $9 Million, Appoints Katie Moussouris Chief Policy Officer | SecurityWeek.Com". www.securityweek.com. http://www.securityweek.com/hackerone-secures-9-million-appoints-katie-moussouris-chief-policy-officer. Accessed 2016-04-04.
3. "Luta Security". Luta Security, Inc. http://www.lutasecurity.com/. Accessed 2017-06-17.
4. "Pentagon Launches the Feds' First 'Bug Bounty' for Hackers". WIRED. https://www.wired.com/2016/03/pentagon-launches-feds-first-bug-bounty-hackers/. Accessed 2016-04-04.
5. "Hack The Pentagon: DoD Launches First-Ever Federal Bug Bounty Program". Dark Reading. http://www.darkreading.com/threat-intelligence/hack-the-pentagon-dod-launches-first-ever-federal-bug-bounty-program/d/d-id/1324542. Accessed 2016-04-04.
6. Rashid, Fahmida. "Sisters in Security: Katie Moussouris' Leaps of Faith". PCMagazine. http://uk.pcmag.com/opinion/34954/sisters-in-security-katie-moussouris-leaps-of-faith. Accessed 23 September 2017.
7. Naraine, Ryan. "Symantec vulnerability research founder joins Microsoft". Zero Day, ZDNet. http://www.zdnet.com/article/symantec-vulnerability-research-founder-joins-microsoft/. Accessed 23 September 2017.
8. Kaplan, Dan. "BLACK HAT: Microsoft to work with third parties over vulns". SC Media US, Haymarket Media, Inc. https://www.scmagazine.com/black-hat-microsoft-to-work-with-third-parties-over-vulns/article/554805/. Accessed 24 September 2017.
9. Lemos, Robert. "Alliance forms to fix DNS poisoning flaw". SecurityFocus. http://www.securityfocus.com/news/11526. Accessed 24 September 2017.
10. Leggio, Jennifer. "100 Brains: Microsoft's Katie Moussouris makes security accessible | ZDNet". ZDNet. http://www.zdnet.com/article/100-brains-microsofts-katie-moussouris-makes-security-accessible/. Accessed 2016-04-04.
11. DuPaul, Neil. "Microsoft BlueHat - 5 Questions with Katie Moussouris". Veracode. https://www.veracode.com/blog/2012/08/microsoft-bluehat-5-questions-with-katie-moussouris. Accessed 23 September 2017.
12. Ms. Smith (pseudonym). "Microsoft BlueHat Prize Winners". CSO Online, IDG Communications, Inc. https://www.csoonline.com/article/2222848/microsoft-subnet/microsoft-bluehat-prize-winners.html. Accessed 23 September 2017.
13. Kamath, Maya. "Here is list of world’s biggest ‘Bug Bounty’ payouts by tech companies". TechWorm, TechWorm.net. https://www.techworm.net/2015/08/here-is-list-of-worlds-biggest-bug-bounty-payouts-by-tech-companies.html. Accessed 23 September 2017.
14. Saarinen, Juha. "ISO vulnerability disclosure standard now free". iTnews, nextmedia Pty Ltd. https://www.itnews.com.au/news/iso-vulnerability-disclosure-standard-now-free-418253. Accessed 24 September 2017.
15. Zetter, Kim. "Bug Bounty Guru Katie Moussouris Will Help Hackers and Companies Play Nice". WIRED. https://www.wired.com/2016/04/bug-bounty-guru-katie-moussouris-will-help-hackers-companies-play-nice/. Accessed 24 September 2017.
16. Shinkman, Paul D. "To Modernize Military, Pentagon Turns to Hackers". US News & World Report. April 1, 2016. https://www.usnews.com/news/articles/2016-04-01/pentagon-turns-to-hackers-to-modernize-military. Accessed 2016-04-04.
17. "'Hack the Pentagon' Pilot Program Opens for Registration". US Department of Defense News. 31 March 2016. https://www.defense.gov/News/Article/Article/710033/hack-the-pentagon-pilot-program-opens-for-registration/. Accessed 24 September 2017.
18. O'Neill, Patrick Howell. "U.S. launches 'Hack the Air Force' bug bounty program - Cyberscoop". Cyberscoop. 2017-04-26. https://www.cyberscoop.com/u-s-launches-hack-air-force-bug-bounty-program/. Accessed 2017-09-24.
19. Brook, Chris. "Katie Moussouris On Hack The Pentagon, Embracing Hackers". Threat Post. April 14, 2016. https://threatpost.com/katie-moussouris-on-her-new-consultancy-hack-the-pentagon-and-more/117398/. Accessed 2016-08-15.
20. "The 2016-2017 Cybersecurity Fellows". New America 2016-2017 Cybersecurity Fellows. https://www.newamerica.org/cybersecurity-initiative/2016-2017-cybersecurity-fellows/. Accessed 19 June 2017.
21. "The 2015-2016 Cybersecurity Fellows". 2015-2016 Cybersecurity Fellows. https://www.newamerica.org/cybersecurity-initiative/articles/2015-16-cybersecurity-fellows/.
22. "2014 Women in IT Security: Katie Moussouris". SC Magazine. http://www.scmagazine.com/2014-women-in-it-security-katie-moussouris/article/361005/. Accessed 2016-04-04.
23. "Mischel Kwon". www.eweek.com. http://www.eweek.com/c/a/Security/10-Women-in-Information-Security-That-Everyone-Should-Know-560649/. Accessed 2016-04-04.
24. Joan Goodchild and Senior Editor. "2011 Women of Influence award winners named". CSO Online. http://www.csoonline.com/article/2130454/security-leadership/2011-women-of-influence-award-winners-named.html?page=6. Accessed 2016-04-04.
25. "Katie Moussouris". Forbes. https://www.forbes.com/profile/katie-moussouris/?list=top-tech-women-america.
26. "U.S. SENATE HEARING - DATA SECURITY AND BUG BOUNTY PROGRAMS: LESSONS LEARNED". Hacker One Blog. https://www.hackerone.com/blog/US-Senate-Hearing-Bug-Bounty-Lessons-Learned.
27. Moussouris, Katie. "Not All Hackers Are Evil". Time.com, Time Magazine. http://time.com/4274288/hackers/. Accessed 19 June 2017.
28. Moussouris, Katie. "Hackers Can Be Helpers". The New York Times. https://www.nytimes.com/roomfordebate/2016/03/30/should-hackers-help-the-fbi/hackers-can-be-helpers. Accessed 19 June 2017.
29. Moussouris, Katie. "Administration should continue to seek changes to international cyber export controls". thehill.com, The Hill. http://thehill.com/blogs/congress-blog/technology/316978-administration-should-continue-to-seek-changes-to. Accessed 19 June 2017.
30. Moussouris, Katie. "The Time Has Come to Hack the Planet". Threatpost. https://threatpost.com/the-time-has-come-to-hack-the-planet/117419/. Accessed 24 September 2017.
31. Jane Mundy. "Microsoft Accused of Discrimination against Women". Lawyersandsettlements.com. September 21, 2015. https://www.lawyersandsettlements.com/articles/california_labor_law/california-labor-law-lawsuit-149-20927.html. Accessed 2015-12-11.
32. "Microsoft Sued in Class Action Alleging Sex Discrimination". Reuters.com. September 16, 2015. https://www.reuters.com/article/ca-lchb-idUSnBw166390a+100+BSW20150916. Accessed 2015-12-11.

External links

  • Luta Security
  • [https://hackerone.com HackerOne]